Cyber Threat Emulation & Analyst

 STS Systems Support, LLC. (SSS) is seeking a Cyber Threat Emulation & Analyst

• DoDD 8570.01‐M/8140.01 I AT Level III CND
• Active TS/SCI
• Five years' of penetration testing experience. BA/BS or MA/MS
• Five (5) years of penetration testing experience.
• Demonstrated advanced knowledge of cyber security operations with master of two or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT), insider), vulnerabilities, and exploits; incident response, investigations and remediation.
• Experience with PowerShell, BASH or Python scripting/programming language.
• Must have a strong understanding of Linux Operating System.
• Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

Duties:

• Conduct both automated and manual enterprise vulnerability assessments, including conducting regular patch & configuration vulnerability assessments as directed by operational flight leads.
• Conduct Cyber Threat Emulation operations, and coordinate with security teams to strengthen the overall security posture of the AFNet and AFIN various tools and capabilities.
• Test for real‐time security vulnerabilities, conduct assessments, and assess vulnerability risk and impact.
• Continuously develop and maintain safe and valid procedures to actively test Enterprise defensive measures. (CDRL A007 & A008)
• Develop mitigations, policies, and procedures to coordinate with internal teams. (CDRL A007)
• Work with incident response team to develop response policies and procedures.
• Generate threat intelligence indicators during the course of Cyber Threat Emulation operations and provide reports back to operators. (CDRL A008)
• Coordinate with internal and external intelligence teams in order to replicate threat actor (TA) Techniques, Tactics, and Procedures (TTPs).
• Research & Evaluate threats and vulnerabilities to assist in the prioritization of remediation actions.
• Utilize knowledge and understanding of the Cyber Threat Framework (ODNI) and production of Threat Emulation findings.
• Utilize the MITRE ATT&CK framework to perform cyber security operations testing, and develop improvements based upon adversary behavior.
• Formulate, lead and persuade individuals, large teams and communities on ideas, concepts, and opportunities.
• Leverage research, frameworks, and best practices on the latest exploits and security trends and currency on industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
• Provide information to operational leaderships tasking as required as it relates to CTE actions