Title Cyber Security Specialist - Senior

Category Information Technology  
Description

The Cyber Security Specialist – Senior will perform a variety of routine project tasks applied to specialized Cyber Security problems.

Additional Responsibilities Include, but are not Limited To:

  • Identify security flaws in computing platforms and applications and devise strategies and techniques to mitigate the identified cyber security risks.
  • Perform application and network penetration testing and wireless security assessments.
  • Apply offensive cyber security testing techniques and coordinate testing projects with internal and external system owners.
  • Report the nature of identified cyber security risks and recommend risk mitigation measures to improve the cyber security posture of the enterprise.
  • Assist with proposal development, if necessary.
  • Perform other duties, as assigned.

 

Threat Hunting

  • Supplement DLA CERT’s Threat Hunting Team. This support will work to enhance the capabilities of DLA CERT to identify advanced persistent threats or low and slow attacks being performed against the DLA network or a cloud environment hosting DLA applications. The Threat Hunt Team will process Warning Intelligence, develop a threat hypothesis, research possible targets and hunt through the environment. During hunts the team will pass potential incident findings to the Incident Response Team for action. At the conclusion of each hunt the team will provide details of what was discovered in a report, as well as new information related to the initial Warning Intelligence, to enhance the CSSP community’s understanding of the threat.
    • Process Warning Intelligence or Open Source Intelligence provided by the DLA CERT Fusion Cell, JFHQ DODIN or other entities as applicable.
    • Collaborate with members of the Incident Response Team, the Fusion Cell and any other applicable groups to construct a threat hypothesis based on the intelligence provided.
    • Provide recommendations for hunting targets within DLA’s Area of Responsibility (AoR).
    • Use tools defined in Threat Hunting SOPs and TTPs to engage in Threat Hunting exercises at the direction of DLA CERT leadership.
    • During the course of threat hunting exercises the Penetration Tester will identify potential detection signatures to assist in identifying threats to DLA’s environment and provide them to the CERT Cyber Defense Analysis Team for content creation.
    • During the course of threat hunting exercises the contractor will submit an incident to the Incident Response Team if a potentially malicious cyber event is discovered.
    • Rules of Engagement will be followed and all contract employees assigned to perform threat hunting will stay within scope for all threat hunting exercises.
    • At the conclusion of each exercise the team will construct a final report which will include:
      • What action or intelligence initiated the threat hunt process.
      • What was the working hypothesis for the hunt.
      • Any incidents that were generated based on the hunt.
      • Countermeasures created based on the hunt.
      • Lessons Learned from an internal procedural perspective.
      • Enhancements to initial intelligence.
    • Make recommendations on improvements to tools and recommend any new tools necessary to the performance of threat hunting.
    • All actions taken while performing threat hunting exercises will be fully documented following guidelines provided in the Threat Hunting SOP.
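The hunt cycle described above (intelligence, hypothesis, hunt, incident hand-off, candidate signature) is concrete enough to show in code for one of the hypotheses the description names, "low and slow" attacks. The following is an added example, not code from the posting, from Sawdey or from DLA CERT tooling: it assumes a constructed outbound-connection log format and constructed sample lines, and it flags flows whose inter-connection gaps are both slow (above a period floor) and regular (low jitter), the signature of a scheduled C2 call-back that never trips volume-based alerting. The three thresholds are assumptions a hunter would tune to the environment.

```python
"""Hypothesis-driven hunt for low-and-slow C2 beaconing in outbound connection logs.

Hypothesis: an implant calls back to its C2 at a near-fixed interval with little
jitter, a pattern that stays under the volume thresholds a SIEM alert keys on.
The hunt groups outbound connections by (source, destination, port), measures the
regularity of the gaps between them, and emits candidate indicators for the
detection team. The log format and every line below are constructed for this
example; they are not DLA data or any vendor's schema.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO-8601 UTC timestamp> <src_ip> <dst_ip>:<port> <bytes>".
# 10.1.4.22 -> 203.0.113.9:443 is the planted beacon (every ~30 min, a few seconds of jitter).
# 10.1.4.60 -> 192.0.2.5:123 is regular but fast (NTP-like) and must NOT be flagged.
# 10.1.4.50 -> 198.51.100.20:443 is bursty interactive browsing.
SAMPLE_LOGS = """\
2024-03-01T08:00:00Z 10.1.4.22 203.0.113.9:443 1124
2024-03-01T08:00:00Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:01:04Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:02:08Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:02:11Z 10.1.4.50 198.51.100.20:443 5210
2024-03-01T08:02:14Z 10.1.4.50 198.51.100.20:443 48210
2024-03-01T08:03:12Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:04:16Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:05:00Z 10.1.4.22 198.51.100.77:80 900
2024-03-01T08:05:20Z 10.1.4.60 192.0.2.5:123 76
2024-03-01T08:06:00Z 10.1.4.22 198.51.100.77:80 900
2024-03-01T08:15:40Z 10.1.4.50 198.51.100.20:443 3301
2024-03-01T08:30:03Z 10.1.4.22 203.0.113.9:443 1131
2024-03-01T09:00:01Z 10.1.4.22 203.0.113.9:443 1119
2024-03-01T09:29:58Z 10.1.4.22 203.0.113.9:443 1127
2024-03-01T09:47:02Z 10.1.4.50 198.51.100.20:443 77120
2024-03-01T09:47:05Z 10.1.4.50 198.51.100.20:443 1920
2024-03-01T10:00:05Z 10.1.4.22 203.0.113.9:443 1122
2024-03-01T10:20:33Z 10.1.4.50 198.51.100.20:443 6640
2024-03-01T10:30:00Z 10.1.4.22 203.0.113.9:443 1130
"""

# Assumed thresholds; tune per environment.
MIN_CONNECTIONS = 5        # fewer gaps than this give no meaningful regularity estimate
MIN_PERIOD_SECONDS = 300   # "slow": ignore fast legitimate keep-alives (NTP, heartbeats)
MAX_JITTER_RATIO = 0.10    # "low": stddev(gaps) / mean(gap); heavily jittered implants evade this


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, port, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_port, nbytes = line.split()
        dst, port = dst_port.rsplit(":", 1)
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        src, dst, int(port), int(nbytes)))
    return records


def hunt_beacons(text, min_connections=MIN_CONNECTIONS,
                 min_period=MIN_PERIOD_SECONDS, max_jitter=MAX_JITTER_RATIO):
    """Return one finding per (src, dst, port) flow whose connection gaps are slow and regular."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, nbytes in parse_log(text):
        by_flow[(src, dst, port)].append((ts, nbytes))

    findings = []
    for (src, dst, port), conns in by_flow.items():
        if len(conns) < min_connections:
            continue
        conns.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(conns, conns[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else float("inf")
        if period < min_period or jitter > max_jitter:
            continue
        sizes = [n for _, n in conns]
        findings.append({
            "src": src, "dst": dst, "port": port,
            "connections": len(conns),
            "period_seconds": round(period, 1),
            "jitter_ratio": round(jitter, 4),
            "bytes_min_max": (min(sizes), max(sizes)),
            # Candidate indicator for the detection team; the source host is the IR lead.
            "candidate_ioc": f"dst={dst} port={port} period~{round(period)}s",
        })
    return findings


if __name__ == "__main__":
    for finding in hunt_beacons(SAMPLE_LOGS):
        print(finding)
```

Run against the sample, the hunt returns exactly one finding (the 203.0.113.9:443 flow with a ~1800 s period), skips the NTP-like flow because it is regular but fast, and skips the browsing flow because its gaps are irregular. In the workflow above, the `candidate_ioc` is what goes to the Cyber Defense Analysis Team for content creation and the source host is what goes to the Incident Response Team as a potential incident; lowering `min_period` or raising `max_jitter` widens the net at the cost of false positives, which is the tuning decision the final report's lessons learned should record.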

 

Malware Analysis & Forensics for Incident Response

  • Provides extended support directly to the Incident Response group for high-level analysis of cyber security incidents. Will assist in improving and maintaining a malware lab environment, perform detailed malware analysis and perform forensic analysis on cyber security incidents as required. This support is important to maintain across all shifts to permit immediate action. Additionally, this support shall include analysis of alerts from cyber security tools in order to determine trends and correlate data to find possible threats to DLA’s environment or within a cloud environment hosting DLA applications.
    • Malware Analysis
      • Maintain the malware lab used by DLA CERT.
      • Maintain SOPs for the use of the malware lab and for performing malware analysis.
      • Develop malware analysis reports to be included in CERT incidents as well as to be shared with the CSSP community at large.
        • Indicators of Compromise
        • Screenshots showing execution of malware
        • Explanation of malware execution steps
        • Threat level
        • Recommended mitigations
        • Associated Incident information
      • Contribute to After Action Reports for DLA CERT incidents regarding malware.
      • Generate Lessons Learned relating to malware analysis and reporting in accordance with DLA CERT SOPs.
    • Forensics Analysis
      • Act as the point on all shifts to perform forensics analysis on endpoint devices discovered during the course of an incident.
      • Recommend equipment and software to enhance DLA CERT’s forensics analysis capability.
      • Maintain the SOP for performing forensics on endpoint devices.
      • Ensure forensically sound acquisition and preservation of data.
      • Develop forensics analysis reports to be included in CERT incidents as well as to be shared with the CSSP community at large as appropriate. Reports will include but are not limited to:
        • Indicators of Compromise discovered.
        • Details of files reviewed during analysis and artifacts discovered.
        • Recommended mitigations.
        • Conclusion from findings.
        • Associated Incident Information.
      • Contribute to After Action Reports for DLA CERT incidents regarding forensics.
      • Generate Lessons Learned relating to forensics analysis and reporting in accordance with DLA CERT SOPs.
    • Additional Incident Response Activities
      • Supplement general 24x7x365 incident response coverage for DLA, including weekends and holidays.
      • Review alerts within DLA’s SIEM and other cyber security tools to identify trends, correlate events and/or identify abnormalities.
      • Collaborate with the Cyber Defense Analysis Team, the Fusion Cell and other groups as appropriate to investigate suspicious and malicious activity and improve incident response tools.
      • Maintain documentation of day to day activities in accordance with DLA CERT SOPs and TTPs.
      • Support efforts to enhance DLA CERT Incident Response’s capabilities with Tanium, monitoring threat events within Tanium for action.
      • Maintain awareness of CJCSM 6510.01 and DoDI 8530 requirements to perform CSSP services.
      • Correlate data from multiple sources to include host & network based IDS & IPS, available log and packet capture data, data pulled by forensics tools, government & open source intelligence, and data from custom tools.
      • During the handling of an incident the contractor shall thoroughly document each action taken in an operations log accessible to all DLA CERT personnel to ensure continuity of operations for each incident.
      • Provide knowledge and expertise from contractor personnel to DLA field sites and DLA CERT personnel to enhance incident handling operations.
 
Full-Time/Part-Time Full-Time  
Requisition Category  
Req Number INF-20-00060  
Location Columbus, OH  
About the Organization Sawdey Solution Services, an ISO 9001/14001 certified and CMMI-SVC v2 Level 3 appraised corporation, has built a nationwide and global footprint as a leading government contracting organization. Specializing in cybersecurity, systems engineering, and operational support, Sawdey invites you to be a part of a team that's at the forefront of securing our nation. Operating successfully since 2001, we are a Woman Owned/Service-Disabled Veteran Owned Business (WOSB/SDVOSB). Our mission is to provide employees with the best experience in a people focused, continuous process improvement environment. We are extremely proud of the culture we have created and encourage all prospective applicants to take a look at what other applicants and employees are saying about us on Indeed and Glassdoor.

Don't just take our word (and others' words) for it… We invite you to come experience Sawdey Solution Services!  
EOE Statement We are a Disabled Veterans (41 CFR 60-1.4) Equal Opportunity Employer. Devoted to creating a diverse and friendly workplace, we do not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, gender identity, marital status, national origin, or veteran status. Our goals and beliefs are that diverse backgrounds and experiences empower and enable us to offer our customers an unmatched level of service. People of color, women, LGBTQIA+, veterans, and persons with disabilities are encouraged to apply!

This position is currently not accepting applications.
