Job DescriptionPosition Overview: Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as: reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed.
More about your role:- Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develop or tune rules/signatures/scripts as needed.
- Coordinates with Defensive Cyber Operations and Focused Operations to develop or tune rules/signatures/scripts.
- Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on enterprise systems, and develop or tune rules/signatures/scripts as needed.
- Correlates and analyzes precursors to incidents, and develop or tune rules/signatures/scripts as needed.
- Will collaborate with the Cyber Data Analytics team to achieve SIEM alert efficiency though evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed
- Work with the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise to assist with triage.
- Documents all work in the authorized ticketing system with a sufficient level of detail to ensure all stakeholders can systematically reconstruct the analysis;
- Provide input to reoccurring meetings and briefings as required.
Required SkillsRequired Qualifications:- Must be a US Citizen with an Active TS/SCI.
- 8+ years of related advanced cyber security analytics work experience.
- Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
- Experience with data mining or building queries in a SIEM.
- Strong understanding of signature development and tuning.
- Strong understanding of network protocols and analysis with protocol analyzers.
- Knowledge of static file signatures, i.e. "magic numbers" and how it applies to developing countermeasures for files in transit and that reside locally on a host.
- Good working knowledge of regular expressions.
Desired SkillsPreferred Skills:- Comfortable in a hex editor.
Additional DetailsThis position has an anticipated salary range of $120,000-$149,000 per year. Actual compensation will be determined based on factors including experience, qualifications, skills, education, certifications, and business needs. Crimson Phoenix offers a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) with company match, generous paid time off, company-paid life and disability insurance, tuition reimbursement, professional development opportunities, employee recognition programs, and additional wellness and work-life benefits.
U.S. citizenship and the ability to obtain or maintain a security clearance may be required for certain positions.