Computer Network Defense Analyst (CNDA) III at NewGen Technologies
NewGen Technologies
Remote - Arlington, TX
Information Technology
Posted 0 days ago
Job Description
Our partner, as a prime contractor to a US Government customer, performs investigations to develop a preliminary diagnosis of the severity of breaches. They provide remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Contract personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity. They are seeking Cyber Network Defense Analysts (CNDA) to support this critical customer mission.

The Computer Network Defense Analyst uses information collected from a variety of sources to monitor network activity and analyze it for evidence of suspicious behavior. Monitoring and analysis are performed to identify and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. CNDAs review data collected to analyze cyber events and the network environment to find trends, patterns, or anomaly correlations that indicate more serious attacks or future threats. The CNDAs will recommend proactive measures to contain the incident. These proactive measures include, but are not limited to, identification of intruder local changes/suspect interactions, isolation, in-depth digital media analysis, consultation with law enforcement or counterintelligence organizations, development of signatures to detect this malicious behavior, and development and deployment of eradication tools.

Hybrid work may be allowed for this role.

Responsibilities

The majority of the CNDA's time (75%) will be spent executing the following tasks:
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Coordinate with enterprise-wide cyber defense staff to validate network alerts
Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
Perform cyber defense trend analysis and reporting
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Provide daily summary reports of network events and activity relevant to cyber defense practices
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts
Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
Determine tactics, techniques, and procedures (TTPs) for intrusion sets
Examine network topologies to understand data flows through the network
Identify and analyze anomalies in network traffic using metadata
Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings)
Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools
Identify applications and operating systems of a network device based on network traffic
Reconstruct a malicious attack or activity based on network traffic
Identify network mapping and operating system (OS) fingerprinting activities
Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

Approximately 25% of the CNDA's time will be spent executing the following tasks:
Prepare and update manuals, instructions, and operating procedures
Evaluate established methods and procedures and prepare recommendations for changes in methods and practices where appropriate
Plan and carry out difficult and complex assignments and develop new methods, approaches, and procedures
Conduct analyses and recommend resolution of complex issues affecting the specialty area
Ensure optimal use of commercially available products
Prepare and present reports
Evaluate the effectiveness of installed systems and services

Requirements

U.S. Citizenship
Active TS/SCI Clearance
Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 7-9 years of network investigations experience
5 years of direct relevant experience in cyber defense analysis using leading edge technologies and industry standard cyber defense tools
Experience successfully developing and deploying signatures
Experience detecting host and network-based intrusions via intrusion detection technologies (e.g. Snort)
Experience implementing incident handling methodologies
Experience implementing protocol analyzers
Experience collecting data from a variety of cyber defense resources
Experience reading and interpreting signatures (e.g. Snort)
Experience performing packet-level analysis
Experience conducting trend analysis

Desired Skills

One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP, CySA, PaLMS, FedVTE
GSEC (SANS401), Arcsight (or other SIEM solution), Network Security, and Python programming experience would be ideal
Strong math and science background
Experience with Carnegie Mellon SiLK tool suite

About Us

For more than 20 years, NewGen Technologies has solved our clients' toughest IT challenges with integrity, security, and outstanding service by delivering both technology and talent. We have helped secure borders, have used artificial intelligence (AI) to fight terror, aided the identification of criminals, and have helped to prevent crime through the introduction of team of Highly Cleared Specialists have hard-to-find skills and expertise in a wide spectrum of technologies to provide solutions that transform business processes and solve problems of national significance.

Required Experience: IC
Key Skills: IDS, Network Support, TCP/IP, LAN, Computer Networking, Windows, TCP, Perl, Telecommunication, Operating Systems, Juniper, DNS
Employment Type: Full Time
Experience: years
Vacancy: 1