Senior Computer Network Operations (CNO) Analyst Job in Northern, Virginia US
• Help lead the GSSC team and assist the customer in developing measures of effectiveness (MOEs) and processes to conduct battle damage and effectiveness assessment, detect and assess likely enemy mitigation efforts, and identify potential collateral effects.
• Assist the customer in identifying authorities (DoD or Interagency) for all proposed COAs and identify specific interagency and potential coalition support and actions required.
• Use customer-specific applications to produce time-sensitive intelligence reports to military and national consumers.
• Review threat data from various sources, including appropriate Intelligence databases, to establish the identity and modus operandi of hackers active in, and posing a potential threat to, customer networks.
• Correlate data into standardized reports, develop cyber threat profiles, produce cyber threat assessments based on entity threat analysis.
• Coordinate cyber threat tracking with counterpart organizations, and populate databases and web pages with critical CNO information needed for customer operations.
• Recommend courses of action based on analysis of both general and specific threats.
• Deliver reports, briefings, and assessments to customer leadership, facilitating in-depth technical and analytical understanding of cyber threat entities and environments.
• Support information assurance and cyber threat mitigation decision making.
Analyst will help lead reporting performed by Army contractor analysts in accordance with approved procedures. Position requires analyst capable of manipulating SIGINT databases and the skills to create finished procedures.
Required Skills:
• Technical expertise and experience in Digital Network Analysis and knowledge of the functions and capabilities of common components in IT architectures.
• Solid knowledge of system and network administration, configuration best security practices, and configuration standards as they apply to IT security. Experience in drafting and formatting technical threat intelligence reports, and conducting research using databased and unindexed information. Knowledge of research management procedures.
• Advanced understanding of computer incident response procedures (proper collection, thorough investigation, unequivocal validation, and internal escalation) and protocols. Understand how to correctly document, triage, and respond in a timely manner to affected stakeholders in the course of daily analysis and response duties.
• Working knowledge of system and network exploitation, attack pathologies and intrusion techniques: denial of service attacks, man in the middle attacks, malicious code delivery techniques, fuzzing, automated network vulnerability and port scanning, botnets, password cracking, social engineering, network and system reconnaissance.
• Experience using the following tools: Pinwale, Pathfinder, Anchory, Marina, Tuningfork, Agility, Maui, TKB, NKB, and DNI Presenter.
• Familiarity using the following tools: Cadence, Surrey, TrafficThief, CNE Portal and X-Keyscore. Analyst must also have working knowledge of collection systems and tools used to manage requirements along with the ability to develop new requirements and to provide assessments as needed on existing requirements.
• Demonstrated training / experience using Microsoft Windows 2000 (Server) and 2003 (Server), Microsoft Windows XP, UNIX, Linux and/or Solaris Operating Systems.
• Demonstrated training / experience / knowledge of Operating System theory including kernel functions, registry functions, process / thread handling, memory management, Remote Procedure Calls, Dynamic Link Libraries, file system manipulation, and application startup procedures.
• Demonstrated training / experience / knowledge of firewalls and intrusion detection / prevention systems.
• Demonstrated training / experience / knowledge of buffer overflows and other code vulnerabilities, rootkit / malware discovery and removal, cross-site scripting, and incident response techniques, etc.
• Demonstrated training / experience in computer networking concepts. Solid understanding of Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), Domain Name System (DNS), Address Resolution Protocol (ARP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Interior Gateway Routing Protocol (IGRP), etc.
• Demonstrated knowledge of typical network services and their associated ports (File Transfer Protocol (FTP), Secure Shell (SSH), TELNET network protocol, Network Basic Input/Output System (NetBIOS), Remote Procedure Call (RPC), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Trivial File Transfer Protocol (TFTP), Secure Sockets Layer (SSL), etc.).
Experience/Special Knowledge Required (Desired Skill Sets):
• Past experience as a Network and/or System Administrator, Computer Emergency Response Team (CERT), Red Team (Penetration Test), or Blue Team (Vulnerability Assessment) member.
• Incident Handling experience and forensic or digital media analysis training desired.
• Deep familiarity with Linux and Unix command line interface and associated tools such as bash, sed, awk, grep, find, etc.
• Expert understanding of TCP/IP and the functioning of its component protocols; ability to read, analyze, and parse packet dumps using various toolsets such as tcpdump, Wireshark, editcap, etc. Understanding of the OSI model and what protocols function at what layers is a plus.
• Definite plus is basic scripting skills for the automation of analysis in various systems using a language such as bash, Perl, Python, Ruby, or other preferred tools. Also, the ability to develop new IDS/IPS signatures for the purpose of detecting emerging threats.
• Expertise in the operation and theory behind Intrusion Detection Systems and Intrusion Prevention Systems.
• Intermediate to advanced malicious code analysis capabilities. Should be able to follow the thread of an exposure, determine the level of success of the exposure, understand what the malicious code was attempting to do (either through automated sandboxing tools or manual static analysis of the malicious payload), and execute the appropriate response to the exposure.
Training / Education:
• Intermediate Digital Network Analysis (IDNA) and / or Advanced Digital Network Analysis (ADNA)
• B.S. (Master’s preferred) in Computer Science / Engineering, Information Systems Management, Information Assurance, Network Security, or other technical, IT-related field or equivalent work experience.
Programming and Scripting / Web Development (Require at least one of the following):
• Demonstrated training / experience / knowledge of C, C++, Perl, Java, Assembly Language, Hypertext Markup Language (HTML), JavaScript.
Certifications:
• Require at least one of the following: CompTIA A+, Security+, Network+, Linux+.
• Very desirable to have either: Cisco Certified Network Associate (CCNA) or Intermediate Digital Network Analysis (IDNA).
• Desirable to have:
o Cisco: Cisco Certified Network Professional (CCNP), Cisco Firewall Specialist, Cisco Intrusion Prevention Specialist (Cisco IPS)
o Microsoft: Microsoft Certified Professional (MCP), Microsoft Certified System Administrator (MCSA), Microsoft Certified System Engineer (MCSE)
o RedHat Linux: RedHat Certified Technician (RHCT), RedHat Certified Engineer (RHCE)
o Global Information Assurance Certification (GIAC): GIAC Security Essentials Certification (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH)
o Certified Ethical Hacker
o Certified Information Systems Security Professional (CISSP)
o Other IT industry certifications in Operating Systems, networking, and network security
Other:
• An understanding of the United States SIGINT System is required.
• Top Secret clearance with SCI accesses.
• Willing to submit to a Counter-Intelligence polygraph.
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.
We wish to thank all applicants for their interest and effort in applying for this position; however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
WE ARE AN EQUAL OPPORTUNITY EMPLOYER.