The Leidos Defense Group has an opening for a Cyber Security Fusion Analyst on the DISA GSM-O II program supporting Joint Force Headquarters DODIN at Fort Meade.
GSM-O II provides network operations and cyber defense support to the Defense Information Systems Agency (DISA) in support of the DoD and the Combatant Commands (COCOMs). In this role, you will provide support with incident handling, triage of events, network analysis and threat detection, trend analysis, metric development, vulnerability information dissemination, and the DoD CNDSP methodology.
As a member of the Cyber Security Fusion Team, you will assist with:
- Identifying threats, improving security, and reducing the enterprise's exposure to vulnerabilities.
- Leveraging an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
- Supporting the development of the Cyber Fusion Standard and the Cyber Fusion Framework and Methodology, based on industry best practice and Department of Defense instructions, guidance, and policy.
- Performing threat-informed analysis by leveraging serialized reporting, intelligence product sharing, OSINT, and open-source vulnerability information to ensure prioritized plans are developed.
- Analyzing and documenting malicious cyber actors' TTPs, mapping them to vulnerabilities, and providing recommendations on their applicability to the enterprise operational environment.
- Discovering adversary campaigns, anomalies, and inconsistencies in sensor and system logs, SIEMs, and other data; investigating to identify or rule out system compromises; and providing written analytic summaries and attack life cycle visualizations.
- Providing risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
- Recommending adjustment of countermeasures, enterprise or tactical, to account for threats impacting the DODIN.
- Recommending adjustments to prioritized, enterprise-focused analysis based on immediate threats identified through intelligence and other analysis.
- Collecting analysis metrics and trending data, identifying key trends, and providing situational awareness on those trends.
Qualifications:
- Active DoD TS/SCI clearance and eligibility for a polygraph.
- Bachelor's degree in a related discipline and 8 years of related experience. Additional experience may be accepted in lieu of a degree.
- Security+ Certification (or other equivalent DoD 8570 Level II certification)
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies (TTPs).
- Proficiency with datasets that support analysis (e.g. passive DNS, WHOIS/registration data, system/service enumeration data, threat indicators/observables, malware analysis results, etc.) and with the various open-source and commercial vendor portals, services, and platforms that provide that data.
- Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs).
- Experience with DISA and DoD Networks.
- Skilled in building extended cyber security analytics.
- Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
- Experience in intelligence driven defense and/or cyber Kill Chain methodology.
- IAT Level III and IAM Level II/III certifications.