What are the responsibilities and job description for the Defensive Counter Cyber - DCC position at SSSCANDIDATEPORTAL?
STS Systems Support, LLC (SSS) is seeking a Defensive Counter Cyber - DCC – Senior.
Requirements:
DoDD 8570.01-M/8140.01 IAT Level III CND
Active TS/SCI
BA/BS or MA/MS
More than five (5) years of experience with extensive knowledge of operating system fundamentals (Windows and/or Unix/Linux), system administration (Windows and/or Unix/Linux), network traffic analysis, penetration testing, network security, incident response and incident handling, computer and network forensics, and vulnerability and malware analysis.
Extensive knowledge of network firewalls, computer and server log analysis, and computer network servers (DNS, proxy, e-mail, domain controller, file server, Active Directory) and analysis of their logs
Extensive knowledge of digital evidence collection, handling and security
Experience with computer incident response and analysis, and with report dissemination
Extensive knowledge of and experience with network packet capture and analysis software such as Wireshark (formerly Ethereal) and Snort
Experience with standard DoD network topology and DMZ boundary protection
Experience with system analysis software (e.g., EnCase/EnCase Enterprise or FTK), software coding and debugging, and virtual machine (VM) environments.
Expert knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open source projects)
Duties:
Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.
Comply with third-party MOU/MOA monitoring and reporting requirements. (CDRL A002)
Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.
Identify, analyze, and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains, and enclaves.
Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.
Provide incident response impact assessments.
Produce network security posture assessments. (CDRL A008)
Analyze systems for suspicious activities related to the DCO mission.
Determine exploitation methods and attack vectors.
Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter to ensure an efficient transition when personnel rotate.
Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution. (CDRL A009)
Maintain currency on the latest industry trends and provide operational reports/assessments for the development of tactics, techniques, and procedures. (CDRL A002)
Provide requested information to the operational flight commander as it relates to Incident Response processes and procedures.
Utilize the MITRE ATT&CK Matrix in the performance of duties.
Plan hypothesis-based threat hunt missions. Utilize information provided by the Cyber Threat Intel team in threat prioritization and hunt creation.
Execute hunt missions within the specified cyber terrain.
Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.
Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.
Identify and report coverage gaps in detection and weapon system visibility/capability.
Develop hypothesized schemes-of-maneuver of adversary behavior as needed for hunt missions, in coordination with the Cyber Threat Intel team.
Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within the specified cyber terrain.
Develop threat hunts for emerging cyber threats, to include 0-day proofs-of-concept, CVE exploitation, and adversary TTPs.
Organize and analyze collected data to determine trends, perform long-tail and frequency analysis of host and network artifacts, and baseline enterprise activity.