Defensive Counter Cyber - DCC

STS Systems Support, LLC (SSS) is seeking a Defensive Counter Cyber - DCC – Senior

Requirements:

• DoDD 8570.01‐M/8140.01 I AT Level III CND
• Active TS/SCI
• More than 5 years of experience with extensive knowledge of operating systems fundamentals. BA/BS or MA/MS

• More than five (5) years of experience with extensive knowledge of Operating systems fundamentals (Windows and/or Unix/Linux), System administration (Windows and/or Unix/Linux), Network traffic analysis, Penetration testing, Network security, Incident response & Incident response handling, Computer and network forensics, Vulnerability and malware analysis.
• Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e‐mail, domain controller, file server, Active Directory) and analysis of their logs
• Extensive knowledge of digital evidence collection, handling and security
• Experience with computer incident response and analysis and report dissemination
• Extensive knowledge and experience with network packet capture and analysis software such as WireShark (Ethereal) and Snort
• Experience with standard DoD network topology and DMZ boundary protection
• Experience with system analysis software (i.e. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment.
• Expert knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

Duties:

• Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.
• Comply with 3rd party MOU/MOA monitoring and reporting requirements. (CDRL A002)
• Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.
• Identify, analyze and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains and enclaves.
• Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.
• Provide incident response impact assessments.
• Produce network security posture assessments. (CDRL A008)
• Analyze systems for suspicious activities related to the DCO mission
• Determine exploitation methods and attack vectors.
• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution. (CDRL A009)
• Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
• Provide requested information to operational flight commander as it relates to the Incident Response processes and procedures.
• Utilize the Mitre ATT&CK Matrix in performance of duties.
• Plan hypothesis‐based threat hunt missions. Utilize current Cyber Threat Intel team provided information in threat prioritization/hunt creation.
• Execute hunt mission within specified cyber terrain.
• Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.
• Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.
• Identify and report coverage gaps in detection and weapon system visibility/capability.
• Develop hypothesized schemes‐of‐maneuver of adversary behavior as needed for hunt missions in coordination with Cyber Threat Intel team.
• Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within specified cyber terrain.
• Develop threat hunts for emerging cyber threats, to include 0‐day proof‐of‐concepts, CVE exploitation, and adversary TTPs.
• Organize and analyze collected data to determine trends, perform long‐tail and frequency analysis of host and network artifacts, and baseline enterprise activity.