Cyber Security Engineer

• Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
• Develops cyber indicators to maintain awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber threat/warning assessments.
• Analyzes data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
• Conducts collection, processing, and/or geolocation of systems to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.
• Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
• Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

Domain Expertise

• Knowledge of the common attack vectors.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of cyber intelligence/information collection capabilities and repositories.
• Knowledge of current and emerging threats.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural
• Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of incident response and handling methodologies.
• Ability to design incident response for cloud service models.

Analytics Experience

• Skill in conducting trend analysis.
• Skill in using basic descriptive statistics and techniques (e.g., normality, model distribution, scatter plots).
• Skill in conducting social network analysis.
• Skill in conducting research using deep web.

Individual Skills

• Ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations
• Ability to work under close supervision, as well as the ability to take independent initiative when needed
• Ability to organize and manage efficiently
• Ability to follow technical instructions
• Ability to manage multiple tasks concurrently
• Ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds
• Ability to work effectively with a variety of constituencies possessing a wide range of technical knowledge

Mindset & Behaviors

• Willingness to work on-call in the event of a security breach or other emergency.