Cybersecurity Signature Implementer
Tuvli, LLC, an Akima Company, is dedicated to providing our customers with superior, integrated technology and program support services and solutions. Our systems engineering, information technology, information assurance, program support and project management staff work closely with customers to ensure that our solutions are directly aligned with their business processes and desired program outcomes. We emphasize affordability, and delivering the best value for technology investments. Our personnel enjoy competitive benefits packages and challenging roles in work environments committed to innovation, diversity and opportunity for career growth. As an Alaska Native Corporation (ANC), 100% of our company's profits go back to our 14,300 Iñupiat shareholders that have resided near and above the Arctic Circle for more than 10,000 years. Our business helps support their way of life and contributes to the survival of a culture that has thrived in a challenging environment.
Tuvli seeks a Cybersecurity Signature Implementer to become an organizational/coordination member of the team. You will possess and apply comprehensive knowledge across key tasks and high-impact assignments. The Signature Implementer plans and leads major technology assignments, evaluates performance results and recommends major changes affecting short-term project growth and success, and functions as a technical expert across multiple project assignments.
- Manage investigation status, progress reporting, risks/issues, scheduling, quality, and continual improvement documentation.
- Assist in managing stakeholder relationships; coordinate with other contractors.
Documentation and Reporting
- Provide accurate, concise reporting.
- Identify and document host-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
- Track and document CND incidents from initial detection through final resolution.
Deployment and Data Collection
- Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.
- Understanding of network architecture/engineering standards and methods of securing networks and strong background of network administration/system administration.
- Aid in the scoping and hypothesis gathering process pre-deployment.
Hunt and Discovery
- Investigate targeted threat actors of various categories such as Nation State Actors, hacktivist groups, commodity malware, script kiddies, and more.
- Perform analysis of log files from a variety of host sources to identify threats.
- Host forensics, to include performing endpoint detection and response/hunt.
- Ability to recognize malicious TTPs and IOCs in pursuit of a threat adversary on network using endpoint agent based solutions.
Post Discovery Analysis
- Reverse Engineering/Malware Analysis using industry standard tools.
- Digital Forensics utilizing industry standard tools.
- Artifact Analysis: the analysis of files, which may or may not be binaries, from various operating systems to determine their relation to threat actor activity (target files, residual changes, etc.).
- Lateral Movement Analysis via a knowledge of network, authentication and other log types.
- Perform forensically sound collection of images and inspect to discern possible mitigation/ remediation on enterprise systems.
- Must have a TS with SCI eligibility clearance (TS/SCI preferred).
- Must have Security certification.
- Must be able to obtain:
  - IAM Level 2 or 3 (Information Assurance Management) or
  - IAT Level 2 or 3 (Information Assurance Technical) IAW DoD 8570.01M (now DoD 8140 Cyberspace Workforce Management).
- Bachelor's degree from an accredited school (Computer Information Systems preferred).
- 3-5 years of experience using IC IT security policies and procedures.
- Experience with performing real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.
- Programming and or Scripting Skills to include Python, Ruby, Perl, C, C#, .NET, etc.
- Automation and data normalization skills.
- Familiarity with virtual environments, on-premise and public cloud environments, hybrid environments, etc.
- Proficient in malicious activity detection, including automatic detection and characterization; reactive countermeasures; proactive defenses; threat assessment; damage assessment; reverse engineering, IDS; malware and anti-virus support; and RDBMS admin, query, and reports.
- Possess at least one active certification from the following:
  - GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, or CSIH.
- Possess more than one active certification from the following:
  - CISSP, GCFE, GCFA, GCED, GREM, GNFA, EnCE, GCIA, GCIH, CEH, CSIH, OSCP, or OSCE.
The duties and responsibilities listed in this job description generally cover the nature and level of work being performed by individuals assigned to this position. This is not intended to be a complete list of all duties, responsibilities, and skills required. Subject to the terms of an applicable collective bargaining agreement, the company management reserves the right to modify, add, or remove duties and to assign other duties as may be necessary. We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.
We are an equal opportunity employer. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender or gender identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law.