Cybersecurity Responder Analyst
ClearFocus Technologies
Washington, DC
We are seeking a Cybersecurity Responder/Analyst candidate for a full-time opening in Washington, DC. All applicants must be U.S. citizens with an active Top Secret clearance and the ability to obtain a Q/SCI clearance.

PRIMARY RESPONSIBILITIES:

  • Serve as the Cybersecurity Responder/Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, respond to, contain, and report on events to protect information systems and networks from threats.

  • Perform technical security activities to include:

    • Characterize and analyze security events to identify anomalous and potential threats to systems

    • Analyze identified malicious activity to determine exploitation methods and impacts

    • Triage, contain, and remediate intrusions, malware, and other cybersecurity threats

    • Document, track and escalate cybersecurity incidents


  • Employ best practices when implementing security requirements within an information system.

  • Participate in Intelligence Community (IC) working groups.

  • May serve as a technical team or task leader.

  • Maintain current knowledge of relevant technology and threats as assigned.

  • Respond to cyber incidents as defined in the Incident Response plan and local SOPs.

  • Participate in special projects as required.

  • Participate as a central part of a 24x7 watch center responsible for monitoring for, responding to, tracking, and relaying information on cybersecurity events and associated cyber threat intelligence.

  • Answer SOC Watch phones and monitor SOC Watch email.

  • Define, implement, and respond to cybersecurity alerts for anomalous and malicious activity

  • Implement new signatures and IOCs

  • Maintain current knowledge of common adversary tactics, techniques, and procedures.

  • Work in a SIEM: interpret IDS alerts, pcap, Sysmon, and NetFlow data, and derive context from event logs and forensic artifacts.

  • Knowledge of the intelligence community and audit collection policies.

  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.

  • Coordinate incident and cyber threat intelligence data with other cybersecurity operations and intelligence centers


The Cybersecurity Responder/Analyst duties also include the following, and ideal applicants will be experienced in at least one of the following areas:
  • Digital Forensics for Incident Response


    • Ability to forensically capture data from various computers, systems, and mobile devices

    • Ability to identify processes and actions that occurred on devices and operating systems

    • Ability to conduct a comprehensive and forensically-sound investigation

    • Ability to document and explain technical details in a concise and understandable manner


  • Malware Analysis
    • Conduct both dynamic and static analyses of suspicious code to create signatures that indicate its presence

    • Document malware threats and identify procedures to avoid or eliminate them

    • Analyze programs and software using analysis tools to identify threats

    • Ability to document and explain technical details in a concise and understandable manner


  • Reverse Engineering
    • Performing static and dynamic code analysis of malicious Windows executables

    • Reverse engineering malware, data obfuscators, or ciphers

    • Ability to use various compilers (GNU, Intel, PGI, CAP)

    • Ability to document and explain technical details in a concise and understandable manner


  • Penetration testing
    • Possess an intermediate to expert proficiency in Python, Perl, PowerShell or Bash

    • Develop comprehensive reports and presentations for penetration tests or red team engagements.

    • Possess knowledge of vulnerabilities and exploits outside of standard tool suites

    • Ability to document and explain technical details in a concise and understandable manner



  • Data Analytics/Machine Learning


    • Ability to derive patterns from data or extract rich information through data analysis

    • Ability to configure systems to learn from data, identify patterns, and make decisions with minimal human intervention

    • Ability to document and explain technical details in a concise and understandable manner


  • Coding in PowerShell, Python, or equivalent
    • Scripting language experience (VBScript, JavaScript, Perl, Python, WMI, and Batch)

    • Experience/knowledge of performance engineering in large environments

    • Problem-solving and good analytical skills

    • Ability to document and explain technical details in a concise and understandable manner



GENERAL CHARACTERISTICS:

  • Candidate will be a proactive self-starter

  • Candidate will require little to no immediate supervision or day to day tasking

  • Candidate will possess excellent decision-making skills.

  • Candidate will demonstrate flexibility and possess the willingness to support shift work if needed.

  • Candidate will possess excellent ability to collaborate as a team and possess excellent interpersonal skills.

  • Candidate will possess excellent oral and written communication skills and be able to interact with senior levels of management.

  • Experience working in cybersecurity with a Bachelor's degree in a technical field or equivalent experience.

  • GIAC or other security certification desired.

  • Possesses experience supporting the Intelligence Community (IC)

  • Experience analyzing host based security events and indicators

  • Experience analyzing network based security events and indicators

  • Experience working in a SOC and supporting incident response

  • Experience supporting the Joint Worldwide Intelligence Communications System (JWICS).

  • Knowledge of cloud architecture.

  • Knowledge of virtualization capabilities


CLEARANCE:

Must possess an active TS clearance (SCI preferred) and the ability to obtain a Q/SCI clearance.