OVERVIEW

Carter-Lambert Divisions is actively seeking Cybersecurity Hunt & Threat Analysis (CHTA) Analysts to join our Department of Veteran Affairs team in support of the Office Information Security (OIS) Cybersecurity Operations Center (CSOC)

Multiple work locations available, including - Hines, IL; Martinsburg, WV; Washington, DC

1^st Shift Available

Job Duties

•        Provide proactive Advanced Persistent Threat (APT) and Focused Operator (FO) hunting, incident response support, and advanced analytic capabilities

•        Profile and track APT/FO actors that pose a threat in coordination with threat intelligence support teams

•        Review and analyze log files from various sources such as SIEM, packet captures, and host logs to report any unusual or suspect activities

•        Develop and execute custom scripts to identify host-based indicators of compromise

•        Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks

•        Determine scope of intrusion identifying the initial point of access or source

•        Recommend remediation activities to secure the source or initial point of access of intrusion

•        Communicate effectively to all government customers and stakeholders

•        Provide executive level cybersecurity strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity

•        Provide technical summary of findings in accordance with established reporting procedures

•        Provide identification of obfuscation techniques

•        Knowledge of and ability to apply cybersecurity and privacy principles to organizational requirements as it applies to confidentiality, integrity, availability, authentication, and non-repudiation

•        Knowledge of and ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies

•        Knowledge of and ability to utilize cyber defense and vulnerability assessment tools

•        Knowledge of vulnerability information dissemination sources such as alerts, advisories, and bulletins

•        Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities

•        Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations

•        Knowledge of adversarial Tactics, Techniques, and Procedures (TTPs)

•        Knowledge of the common attack vectors on the network layer

•        Knowledge of different classes of attacks such as passive, active, insider, close-in, distribution attacks

•        Knowledge of cyber attackers like script kiddies, insider threat, non-nation state sponsored, and nation sponsored

•        Knowledge of cyber-attack stages such as reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks

•        Skilled in using security event correlation tools

•        Knowledge of and ability to utilize malware analysis concepts and methodologies

•        Participation in rotational on-call support as needed

•        Potential travel limited to about 5%, if needed

Qualifications

Required Education and Experience:

•        Bachelor's degree in technology-related field - equivalent experience may be considered in lieu of a degree

•        Experience with common threat hunting solutions including Splunk, packet analysis (e.g., Wireshark), Netflow, QRadar or other SIEMs

•        An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies

•        Strong experience with threat hunting advanced persistent threats

•        Scripting experience, with Python and/or PowerShell is preferred

•        Skilled in developing and deploying signatures

•        Skilled in detecting host and network-based intrusions via intrusion detection technologies

•        Skilled in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes

•        Skilled in collecting data from a variety of cyber defense resources

•        Skilled in recognizing and categorizing types of vulnerabilities and associated attacks

•        Skilled in reading and interpreting signatures like snort

•        Skilled in performing packet-level analysis

•        Able to develop content for cyber defense tools

•        Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

•        Coordinate with enterprise-wide cyber defense staff to validate network alerts

•        Perform cyber defense trend analysis and reporting

•        Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

•        Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

•        Ability to determine TTPs for intrusion sets

•        Ability to conduct research, analysis, and correlation across a wide variety of all source data sets for indications and warnings

•        Ability to reconstruct a malicious attack or activity based off network traffic

•        Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave

•        Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

•        Analyze and report organizational security posture trends

•        Analyze and report system security posture trends

•        Monitor external data sources such as cyber defense vendor sites, Computer Emergency Response Teams (CERTs), and Security Focus to maintain cyber defense threat condition and determine which security issues may have an impact on the enterprise

•        Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities

•        GIAC Certified Incident Handler (GCIH) (Desired, NOT required)

•        GIAC Certified Forensics Examiner (GCFE) (Desired, NOT required)

•        GIAC Certified Intrusion Analyst (GCIA) (Desired, NOT required)

•        GIAC Certified Forensic Analyst (GCFA) (Desired, NOT required)

•        GIAC Certified Network Forensic Analyst (GNFA) (Desired, NOT required)

•        GIAC Cyber Threat Intelligence (GCTI) (Desired, NOT required)

•        GIAC Reverse Engineering Malware (GREM) (Desired, NOT required)

•        Remedy ticketing system experience

•        Service Now ticketing experience

Other Experience:

•        Excellent analytical and problem-solving skills

•        Ability to function in multiple capacities and adapt as required

•        Strong verbal and written communication skills

•        Strong time management skills with attention to detail

•        Strong critical thinking skills

•        Strong interpersonal and collaborative skills, with the ability to work in a team environment

•        Ability to communicate effectively to both technical and non-technical audiences

Benefits

Carter-Lambert Divisions attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:

• 401(k) with company contribution
• Dental Insurance
• Health Insurance
• Vision Insurance
• Paid Time Off

About Carter-Lambert

Carter-Lambert Divisions offers a mission-focused solutions to clients-facing highly complex IT, digital, cyber security, Logistical, and Construction challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Carter-Lambert Divisions brings a unique prospective to the team, and because our diverse teams, we consistently meet our goals and exceed client expectations. If you consider yourself to be a highly-motivated person with a willingness to learn, we invite you to apply today to join our team!

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.