The candidate will work directly in an operations organization on a small, tight-knit team, identifying data and collection sources and developing computer network defense analytics. They will review network traffic and endpoint collection and apply that information directly in the customer's Splunk analytic framework.
- Computer Network Defense monitoring and intrusion analysis using various IDS, such as Bro (now Zeek) and Snort.
- Knowledge of host-based computer defense and analysis using Sysinternals, Windows event log analysis, and collection tools such as GRR Rapid Response (GRR).
- Experience with memory analysis tools such as Volatility.
- Knowledge of computer networking.
- Knowledge of Windows server and workstation artifacts (logs, Registry, and filesystem) for Windows 7 through Windows 10 and Windows Server 2003 through Windows Server 2012.
- Knowledge of scripting to help automate analysis and processing, e.g. bash, batch, inline Python, or Perl.
- Ability to work well on a team, adapt skills to accomplish tasks, and document findings.
- Knowledge of analytic frameworks such as Splunk.
A TS/SCI security clearance with polygraph is required.
5 years of experience, or a B.S. and 1 year of experience.