Defensive Counter Cyber - DCC - Military Veterans

STS Systems Support, LLC (SSS) is seeking a Defensive Counter Cyber - DCC – Senior

Requirements:

• DoDD 8570.01‐M/8140.01 I AT Level III CND



• Active TS/SCI



• More than 5 years of experience with extensive knowledge of operating systems fundamentals. BA/BS or MA/MS



• More than five (5) years of experience with extensive knowledge of Operating systems fundamentals (Windows and/or Unix/Linux), System administration (Windows and/or Unix/Linux), Network traffic analysis, Penetration testing, Network security, Incident response & Incident response handling, Computer and network forensics, Vulnerability and malware analysis.



• Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e‐mail, domain controller, file server, Active Directory) and analysis of their logs



• Extensive knowledge of digital evidence collection, handling and security



• Experience with computer incident response and analysis and report dissemination



• Extensive knowledge and experience with network packet capture and analysis software such as WireShark (Ethereal) and Snort



• Experience with standard DoD network topology and DMZ boundary protection



• Experience with system analysis software (i.e. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment.



• Expert knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

• Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.



• Comply with 3rd party MOU/MOA monitoring and reporting requirements. (CDRL A002)



• Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.



• Identify, analyze and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains and enclaves.



• Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.



• Provide incident response impact assessments.



• Produce network security posture assessments. (CDRL A008)



• Analyze systems for suspicious activities related to the DCO mission



• Determine exploitation methods and attack vectors.



• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.



• Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution. (CDRL A009)



• Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)



• Provide requested information to operational flight commander as it relates to the Incident Response processes and procedures.



• Utilize the Mitre ATT&CK Matrix in performance of duties.



• Plan hypothesis‐based threat hunt missions. Utilize current Cyber Threat Intel team provided information in threat prioritization/hunt creation.



• Execute hunt mission within specified cyber terrain.



• Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.



• Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.



• Identify and report coverage gaps in detection and weapon system visibility/capability.



• Develop hypothesized schemes‐of‐maneuver of adversary behavior as needed for hunt missions in coordination with Cyber Threat Intel team.



• Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within specified cyber terrain.



• Develop threat hunts for emerging cyber threats, to include 0‐day proof‐of‐concepts, CVE exploitation, and adversary TTPs.



• Organize and analyze collected data to determine trends, perform long‐tail and frequency analysis of host and network artifacts, and baseline enterprise activity.