Job Details
Zachary Piper Solutions provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. We are seeking Cyber Network Defense Analysts (CNDA) to support this critical customer mission.Responsibilities:* Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources* Coordinate with enterprise-wide cyber defense staff to validate network alerts* Perform management duties as required to support the team, projects and analysts* Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment* Perform cyber defense trend analysis and reporting* Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack* Provide daily summary reports of network events and activity relevant to cyber defense practices* Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts* Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities* Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity* Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information* Identify and analyze anomalies in network traffic using metadata* Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools* Identify applications and operating systems of a network device based on network traffic* Reconstruct a malicious attack or activity based off network traffic* Identify network mapping and operating system (OS) fingerprinting activities* Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclaveRequired Skills/Clearances:* U.S. Citizenship* Active TS/SCI clearance* Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability* 8+ years of direct relevant experience in cyber defense analysis using leading edge technologies and industry standard cyber defense tools-* Experience successfully developing and deploying signatures* Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)* Experience implementing incident handling methodologies* Experience implementing protocol analyzers* Experience collecting data from a variety of cyber defense resources* Experience reading and interpreting signatures (e.g. snort)* Experience performing packet-level analysis* Experience conducting trend analysisDesired Skills:* Python programming experience* Strong math and science background* Experience with Carnegie Mellon SiLK tool suiteRequired Education:BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 10 years of network investigations experience.Desired Certifications:* One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE* GSEC (SANS401), Arcsight (or other SEIM solution), Network+, Security+