Cybersecurity Analyst - LA, US -  ManTech

Job Summary

Primary Responsibilities

  • Develop and tune Palo Alto Intrusion Detection and Prevention rules and signatures.
  • Triage alerts to identify malicious actors on customer networks.
  • Review DoD and open source intelligence for threats.
  • Identify Indicators of Compromise (IOCs) and integrate those into sensors and SIEMs.
  • Report incidents to customers and USCYBERCOM.

Basic Qualifications

  • Active Top Secret clearance with TS/SCI eligibility shown in JPAS.
  • BS and 8+ years of prior relevant experience (4+ years of related experience may be substituted in lieu of a degree).
  • DoD 8570 IAT II (Security+ CE or equivalent) prior to starting, and CSSP-A certification (CEH or equivalent) within 4 months of hire.
  • Extensive familiarity with intrusion detection/prevention methodology.
  • Experience developing and tuning Palo Alto IDS/IPS signatures and rules.
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Willing to perform shift work.

Preferred Qualifications

  • Advanced certifications such as SANS GIAC (GCIA, GCIH), CISSP or CASP, and/or SIEM-specific training and certification (Security+ CE, CISSP or equivalent).
  • Palo Alto certifications (ACE, PCNSE).
  • CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization or Security Operations Center.
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cybersecurity domain.
  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
  • Familiarity or experience in Intelligence Driven Defense and/or Cyber Kill Chain methodology.
  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
  • In-depth knowledge of the architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).
  • Experience and proficiency with any of the following: Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
  • Experience with malware analysis concepts and methods.
  • Unix/Linux command line experience.
  • Scripting and programming experience.

Location: Scott AFB, IL (O'Fallon, IL)