JobTitle: McAfee Security Cyber Defense Analyst / Threat Analyst / Incident Response Analyst
Location: Annapolis Junction / Columbia, MD area
Security Clearance Required: TS/SCI with a Full Scope Poly
Job Description Summary:
Cyber Defense Analysts conduct all-source analysis, digital forensics, and targeting to identify, monitor, assess, and counter the threat posed by cyber actors. Cyber Defense Analysts apply their scientific and technical knowledge, skills, and abilities to solve complex intelligence problems and to produce short-term and long-term written assessments and recommended courses of action. They use their analytical, writing, and presentation skills to inform leaders at all levels of threat, risk, and operational context.
Cyber threat analysis demands initiative, creativity, analytical skills, and technical expertise. Analysts must maintain and broaden their analytical and technical skills, as well as their professional networks, throughout their careers. This is achieved through academic study, practical experience, collaboration with peers, and participation in professional gatherings. They may also pursue additional studies and cross-functional training in fields relevant to their areas of responsibility.
The Cyber Defense Analysts compile cyber threat data gathered from various sources, including independent research and analysis, cybersecurity operations activity, system behavior, defensive cyber capabilities (e.g., McAfee systems), and so on. They look at emerging technology and technology trends, cyberspace tactics, techniques, and procedures, and adversarial capability and intent. They use all this information to develop comprehensive and detailed threat assessments that inform defensive cyberspace operations.
On a near real-time basis, they analyze cyber threat Indications & Warnings and fuse unclassified/open source cyber threat information with proprietary or client internal threat intelligence. They enrich their analyses through correlation of threat intelligence with internal and external network activity and system behavior to provide insight into every stage of a potential adversary’s cyber kill chain.
- Performs focused monitoring capabilities on a case-by-case basis.
- Performs testing of new software releases/upgrades and policies to ensure compatibility with enterprise applications.
- Performs network maintenance checks on requisite insider threat monitoring software and third-party architecture.
- Creates policies, performs data analysis, product configuration support, network and database support, and maintenance of the operating server, agent, baseline, and database repository; performs software policy analysis, generation, refinement, and testing.
- Reviews and recommends additional resources required to meet customer mission requirements. Assists the Government in building and deploying software enhancements.
- Participates in customer program and technical exchange meetings. Provides product specific training on-site and off-site as required.
- Identifies, collects, and performs analysis of raw, primary, and secondary data derived from various sources.
- Investigates, documents, and reports on information cybersecurity issues and emerging trends.
- Provides finished intelligence products, including high-quality papers, briefings, recommendations, and findings for senior leaders.
- Develops and maintains expertise in Cyberspace operations, emerging Cyber threats and trends, and the evolving policy and regulatory framework for Cyberspace operations.
- Provides regional or functional analytic support pertaining to a wide-range of Cyber threat actors.
- Performs analytic support focused on Cyberspace doctrine, policies, strategies, capabilities, and Cyberspace groups, individuals, organizations, tools, tactics, and procedures.
- Prepares assessments of current threats and trends based on the sophisticated collection, research, and analysis of classified and open source information.
- Develops and maintains analytical procedures to meet changing requirements and ensure maximum operational success.
- Collects data using a combination of standard intelligence methods and business processes.
- Maintains current knowledge of relevant technologies and subject areas.
- Participates in special projects as required.
- Provides leadership and guidance to less experienced personnel.
- Utilizes technology (e.g., ESM, ACE, SPLUNK) to correlate events and identify indicators of threat activity.
- Utilizes intelligence regarding threat capabilities to develop IDS/IPS signatures.
- Conducts log file analysis to identify indicators of compromise.
- Reports suspected threat activity to the requirements manager and incident handlers for ticketing and assignment to a DCOD for a response.
- Refines and applies a variety of analytical methods and models to help transform large sets of data into knowledge to identify threat and threat activity on Army networks.
- Coordinates and provides guidance, assistance, and recommended courses of action to ensure compliance with DoD and Army IA policies for threat mitigation and incident handling.
- Engages stakeholders across DoD, collects and assimilates data, defines business rules, and communicates the analyses to clients and leadership.
Cyber Defense Analysts generally have:
- 3-5 years of experience with DoD and/or IC Cybersecurity policy, process, and procedure.
- 3+ years of experience with military or IC intelligence policy, process, procedure, and tradecraft.
- Knowledge of intelligence community, military, U.S. government, and Cyber organizations.
- 3+ years of experience with all-source threat intelligence collection, analysis, production, and dissemination; cyber incident response support; or defensive cyberspace operations support.
- Skills in open source data collection (OSINT) and acquisition, such as investigating, researching, Google hacking, etc.
- 3+ years of experience with quantitative analysis, analytical methods, or data analysis.
- 2+ years of experience with quantitative statistical, data analysis, or data visualization programs, including Tableau, R, or Stata.
- Experience with Microsoft Office, including Word, Excel, and PowerPoint.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources for the purposes of documenting results and analyzing findings to provide meaningful products.
- Knowledge of adversarial activities in cyberspace, with an understanding of intrusion set tactics, techniques, and procedures (TTPs) and operational tradecraft, and the ability to emulate these TTPs to assess vulnerability and risk.
- Experience with threat intelligence tools.
- Proficient with the operation, including rule and signature development, of intrusion detection and network security monitoring tools, including but not limited to, SNORT and YARA.
- Experience with malware analysis and reverse engineering techniques and tools (IDA, OllyDbg).
- Experience with the development of applications, custom tools, and solutions in various coding languages, including SQL, Python, Django, Perl, Ruby, PHP, Java, etc.
- Experience with security tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various testing tools.
- Experience in exploiting web apps and web services security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
- Demonstrated understanding of networking fundamentals such as the OSI model, IP addressing, DNS, switching/routing, ports and protocols, and authentication techniques.
- Demonstrated understanding of proxies, anonymizers, and capabilities such as TOR.
- Experience with analytical techniques such as Pcap analysis, HTTP header analysis, and Cyber Kill Chain methodology.
- Demonstrated understanding of malware types and malware terminology (e.g., exploit, implant, reverse shell, call out backdoor, call in backdoor, etc.).
- Demonstrated understanding of cyber technologies and techniques such as hashing, reputation, heuristics, signatures, network traffic and behavior analysis, predictive, prescriptive, and diagnostic analytics, machine learning, etc.
- Demonstrated familiarity with the operational use of McAfee products such as Enterprise Security Manager (ESM), Network Security Platform (NSP), and Advanced Threat Defense (ATD).
- Demonstrated familiarity with the operational use of other vendor products such as SPLUNK and FireEye.
- Practical understanding of public and private cloud concepts.