• Network Threat Specialist, Sr.

    Location US-MD-Ft. Meade
    Posted Date 1 week ago(11/30/2018 3:27 PM)
    Job ID
    N-1974
    # Positions
    1
    Experience (Years)
    8
    Category
    Cyber Security
  • Overview

    WOOD is currently hiring a Sr. Network Threat Support Specialist to join our team in the Ft. Meade, MD area. The Network Threat Support Specialist will analyze, map, protect and discover vulnerabilities, intrusions and threats in a computer network systems. 

     

    Responsibilities

     

    • Designing, demonstrating, developing, implementing, and updating exploitation or protection methods and recommending mitigation strategies and techniques
    • Evaluating Snort, Yara, and Genesis signatures to enable development of signature tradecraft standards
    • Evaluating multiple operating systems, network configurations, network architectures and topologies for potential technical and/or operational vulnerabilities. Efforts also include:
      • Analyzing network transports and application layer packets and identifying packet details
      • Identifying anomalies at the packet level and developing signatures to support various collection platforms
      • Demonstrating proficiency with common network protocols and analysis tools, specifically Wireshark (Ethereal)
    • Performing each phase of cyber activity tracking; conducting network reconnaissance to detect the presence of unexpected behavior, identifying anomalous activity, categorizing and tagging intrusive activity
    • Performing network intrusion incident response and network attack characterization and reconstruction
    • Identifying signatures, attack scenarios, attacker profiles, and other relevant information to enhance Customer's knowledge of the adversary and the techniques employed
    • Performing in-depth technical analysis with the goal of determining what the intruder did or attempted to do, where they came from, how they got in, their motivation, and anything else that can be learned from analyzing the intrusion data to include:
      • Developing techniques for the identification and analysis of malicious activity
      • Understanding the development of SNORT signatures or similar intrusion detection syntax
      • Determining the extent of malware's capabilities, how to detect it and to assess its impact on affected systems
    • Conducting real world, near real time, monitoring, analysis and reporting.
    • Utilizing tools (in-house, freeware, commercial) and analytical techniques to determine the levels of severity and potential mission impact of anomalous behavior.
    • Writing scripts/tools to develop an analysis capability to include:
      • Applying basic analytic methods such as computer programming, (JAVA, Perl, C, etc.) and debugging programs
      • Developing technical techniques and processes
    • Reviewing log files, Access Control List (ACL), network Intrusion Detection System (IDS) records and host IDS records for evidence of pre-intrusion activity
    • Characterizing methods with respect to resources and capabilities required or risks of detection and attribution
    • Discovering methods of protecting specific networks, computer systems or specific hardware or software
    • Independently conducting comprehensive analysis on all types of forensics microcomputer and computer media. Efforts also include:
      • Forensically analyzing magnetic and optical media using forensic software applications
      • Conducting forensic examination of computer-related equipment, including network devices
      • Analyzing and interpreting technical data
    • Participating in team building research efforts, and sharing analytical techniques and research methodologies

    Qualifications

    *All Candidates must have a TS/SCI clearance with a Polygraph

    • Shall have a minimum of eight (8) continuous years of work experience in network and vulnerability analysis, or a combination of a minimum of five (5) continuous years of work experience in network and vulnerability analysis and a Bachelor’s degree in an applicable (math, science, computers, engineering) field
    • Work experience shall include five (5) years of IC experience in network and vulnerability analysis
    • Cyber analyst with experience in SIGINT Discovery and Development (SIGDEV)
    • Working knowledge of intelligence databases and tools to detect, characterize and assess network threats.
    • Understanding of Information Assurance tools such as Intrusion Detection Systems, firewalls and scanners and network devices such as routers and switches
    • Technical knowledge of host and networks vulnerabilities and exploitations for operating systems and applications
    • Hands on experience performing packet level analysis using tools such as WIRESHARK and TCPDUMP
    • Working knowledge of Internet and networking protocols
    • Knowledge of Malware and how it is used against networks. Experience in discovering anomalies and intrusion discovery
    • Shall have demonstrated expertise related to the use of relevant Computer Network Operations (CNO) and SIGINT tools and databases used for the customer mission
    • Shall also demonstrate analytic ability to discover unknown, suspicious or exploitation activity, be able to provide briefings of intrusion set activity to partner organizations/agencies, and be knowledgeable about all forms of reporting and experienced with creating each product type, and thus be able to organize training for other team members on analysis, tools, or reporting
    • Shall have demonstrated skills working through the SIGINT and/or other intelligence disciplines' production processes, to include tasking, researching, processing, reporting, and disseminating of collection, information, or final products
    • Shall demonstrate the ability to understand and interpret technical data through knowledge of technologies and network topologies
    • Shall have demonstrated expertise in documenting information and processes and gathering intelligence information of an identified threat activity through SIGINT and/or other intelligence disciplines, Internet, and other research means

     

    Required Tools/Certifications: Wireshark/Ethereal, Nessus, Snort, tcpdump, tcp wrapper, IDS (various), ISS scanner, eEye digital vulnerability scanner, <forensics work at host, network, or software levels>, <penetration testing work>, <malware, spyware, botnet work>, GCFIH, CNDA, Forensic examiner, Media Collector, Security+,  Nmap, SSCP, Cisco CCNA ( and other Cisco related network certs),  Network+, Net Impact

     

    Preferred Tools/CertificationsIDA Pro, MetaSploit, EnCase, Cain and Abel, John the Ripper, Ollydebug, HBSS, GSEC, GCIA, GPEN, GCFW, GCFA, CORE Impact, certified basic digital media collector, Paraben

     

     

    WOOD Consulting Services is headquartered in Fulton, Maryland with an office in Washington, DC. WOOD embraces a simple philosophy… take care of our people and they will take care of our customers. We seek to hire and retain high caliber-talent to meet the needs of our customers with excellent services. For over 20 years, WOOD has followed that philosophy and built a reputation as reliable mission-enablers helping U.S. agencies achieve mission success.

     

    WOOD is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed