Security Analyst/Cyber Defender
Are you interested in Information Assurance and Cyber Defense, or have you worked in, or aspired to oversee, Cyber Defense operations? AECOM is looking for someone to apply Defense-in-Depth security strategies across an enterprise-wide network.
The Security Analyst/Cyber Defender is responsible for maintaining the security, integrity and robustness of a portion of the DoD Global Information Grid (GIG). This includes the GIG infrastructure (routers and switches), the boundary protection devices (firewalls and proxy servers), intrusion detection devices, antivirus and anti-spam software services, and the core services within a Network Operations Security Center (NOSC).
WORKING HOURS: Shift flexibility mandatory.
- Cyber Defenders oversee intrusion detection, boundary protection, internal network monitoring and vulnerability assessment operations to defend the network.
- They respond promptly to internal and external threats as part of a 24/7 watch, delivering timely analysis of network vulnerabilities and intrusions.
- They invoke incident response and triage measures against adversary Tactics, Techniques and Procedures (TTPs) and mitigate malicious activity by, for example, "caging" (isolating) a compromised system or implementing network IP blocks.
- They develop a network defense visibility display, direct time-sensitive adjustments to the network security posture to minimize or counter operational risk, and collect and store the data and metrics needed to conduct Operational Risk Management (ORM).
- They research and investigate current and emerging threats and provide leadership with guidance on how to mitigate them.
- They also direct security measures such as identification/authentication controls and intrusion detection for the NOSC or the sites under their control.
- In addition, they maintain the status of boundary protection configurations and advise on the use of tools and procedures to sustain information security, integrity and availability.
- They oversee network availability and network management operations and are responsible for collecting and archiving the data needed for detailed infrastructure analysis, producing time-sensitive displays and threshold alerts, generating ad hoc queries in support of the network, and developing course-of-action scenarios.
- They maintain a "watch" on network performance characteristics and infrastructure centers of gravity, and recommend adjustments.
- They centrally monitor available network resources to ensure efficient use, and direct disaster recovery and contingency planning measures.
- Must be able to successfully pass a drug test.
- Must have an active DoD security clearance or the ability to obtain one.
- Achievement of Security+ certification is mandatory within 90 days of start.
- Achievement of ITIL v3 certification is mandatory within 90 days of start.
- Experience with:
  - Analyzing firewall logs
  - Analyzing proxy logs
  - Analyzing Windows Event and Security logs
  - Network topologies
  - Network operations health monitoring tools
  - Intrusion Prevention/Detection Systems (IPS/IDS)
  - A basic understanding of TCP/IP
  - 2 years of experience with networked enterprise environments
- Experience with Host-Based IDS (HIDS)
- Experience with ePolicy Orchestrator (HBSS)
- Experience with Check Point, Sidewinder and Cisco PIX firewalls
- Experience with the EnCase Forensic suite
- Experience with Network Access Control (NAC)
- Experience with the Remedy trouble ticketing system for incident tracking
- Experience with vulnerability assessment, patching and remediation
- Experience with anti-virus/anti-malware systems
- Familiarity with DoD networks and the Combat Information Transport System (CITS) architecture
- Certification or training as a Certified Ethical Hacker (CEH) or CISSP
- 3-5 years of experience as a Systems Administrator in an enterprise environment