Jacobs Jobs

Your Impact:

Jacobs is seeking a Cyber Defense Analyst (Level 2) for a sub-contract.

The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.

Responsibilities:

• Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.

• Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.

• Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.

• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• Perform advanced manual analysis to hunt previously unidentified threats

• Conduct PCAP analysis.

• Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.

• Apply techniques for detecting host- and network-based intrusions.

• Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.

• Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).

• Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.

• Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).

• Understand snort filters and how they are crafted and tuned to feed IDS alerting.

• Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.

• Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

• Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.

#dvscyber

#divergent

Here’s what you’ll need :

• Requires DoD 8570 compliance with CSSP Analyst baseline certification.

• Information Assurance Technical (IAT) Level I or Level II certification.

• Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.

• Requires successful completion of the Splunk software training course “Fundamentals 1”.

• ICS/SCADA certification similar to Global Industrial Cyber Security Professional (GICSP) certification OR Global Response and Industrial Defense (GRID) certification.

• Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.

• One (1) year of demonstrated and practical experience in TCP/IP fundamentals.

• One (1) year of demonstrated experience with Bricata, tcpdump or Wireshark

• Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).

• Two (2) years of demonstrated experience in network analysis and threat analysis software utilization

• Two (2) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure,

• Amazon Web Services (AWS), using tools like Microsoft Sentinel.

• Ability to work shift work is essential.

• Attendance is always critical. Must be able to work a 40-hour work week, dates and times of the week vary depending on the shift. In addition, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.

• Must be able to communicate effectively both verbally and in writing.

• Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.

• Must be able to interface with individuals at all levels of the organization both verbally and in writing.

• Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously.

• Must work well under pressure to meet deadline requirements.

• Must take and pass a drug test and background check as well as a motor vehicle records check

Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws and supplemental language.