Today
Top Secret/SCI
Unspecified
Unspecified
IT - Security
Springfield, VA (On-Site/Office)
Advanced Cybersecurity Analytics Lead
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Local
* * *
The Opportunity:
As the Advanced Cyber Analytics team lead, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, you will collaborate with other teams within Focused-Operations with the task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Team exercises, and continuously validating Defensive Countermeasures already deployed.
Responsibilities:
• Lead the Advanced Cyber Analytics Team in developing and maintaining countermeasures, integrating the team in Focused-Operations and other outside teams' processes, providing expertise to train/mentor more junior members.
• Analyze trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents and develop or tune rules/signatures/scripts as needed.
• Coordinate with Defensive Cyber Operations and Focused-Operations to develop or tune rules/signatures/scripts.
• Coordinate with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on enterprise systems and develop or tune rules/signatures/scripts as needed.
• Correlate and analyze precursors to incidents and develop or tune rules/signatures/scripts as needed.
• Collaborate with the Cyber Data Analytics team to achieve Security Information and Event Management (SIEM) alert efficiency through evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed.
• Work with the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise to assist with triage.
• Document all work in the authorized ticketing system with a sufficient level of detail to ensure all stakeholders can systematically reconstruct the analysis.
• Provide input to recurring meetings and briefings as required.
Qualifications:
Required:
• Must be a US Citizen with an Active TS/SCI.
• 8+ years of related advanced cyber security analytics work experience.
• Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
• Experience with data mining or building queries in a SIEM.
• Strong understanding of signature development and tuning.
• Strong understanding of network protocols and analysis with protocol analyzers.
• Knowledge of static file signatures, i.e., "magic numbers" and how it applies to developing countermeasures for files in transit and that reside locally on a host.
• Good working knowledge of regular expressions.
• Excellent written and verbal communication.
Desired:
• Comfortable in a hex editor.
• Ability to write Python/Bash/PowerShell scripts.
• Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
• Good understanding of Purple Team Tactics.
• Familiarity with security in a cloud environment and how it applies to visibility gaps, data lakes, and data mining.
-
________________________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.
Your potential is limitless. So is ours.
Learn more about CACI here.
________________________________________________________________________________________
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here .
The proposed salary range for this position is:
$103,800 - $218,100
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Local
* * *
The Opportunity:
As the Advanced Cyber Analytics team lead, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, you will collaborate with other teams within Focused-Operations with the task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Team exercises, and continuously validating Defensive Countermeasures already deployed.
Responsibilities:
• Lead the Advanced Cyber Analytics Team in developing and maintaining countermeasures, integrating the team in Focused-Operations and other outside teams' processes, providing expertise to train/mentor more junior members.
• Analyze trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents and develop or tune rules/signatures/scripts as needed.
• Coordinate with Defensive Cyber Operations and Focused-Operations to develop or tune rules/signatures/scripts.
• Coordinate with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on enterprise systems and develop or tune rules/signatures/scripts as needed.
• Correlate and analyze precursors to incidents and develop or tune rules/signatures/scripts as needed.
• Collaborate with the Cyber Data Analytics team to achieve Security Information and Event Management (SIEM) alert efficiency through evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed.
• Work with the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise to assist with triage.
• Document all work in the authorized ticketing system with a sufficient level of detail to ensure all stakeholders can systematically reconstruct the analysis.
• Provide input to recurring meetings and briefings as required.
Qualifications:
Required:
• Must be a US Citizen with an Active TS/SCI.
• 8+ years of related advanced cyber security analytics work experience.
• Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
• Experience with data mining or building queries in a SIEM.
• Strong understanding of signature development and tuning.
• Strong understanding of network protocols and analysis with protocol analyzers.
• Knowledge of static file signatures, i.e., "magic numbers" and how it applies to developing countermeasures for files in transit and that reside locally on a host.
• Good working knowledge of regular expressions.
• Excellent written and verbal communication.
Desired:
• Comfortable in a hex editor.
• Ability to write Python/Bash/PowerShell scripts.
• Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
• Good understanding of Purple Team Tactics.
• Familiarity with security in a cloud environment and how it applies to visibility gaps, data lakes, and data mining.
-
________________________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.
Your potential is limitless. So is ours.
Learn more about CACI here.
________________________________________________________________________________________
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here .
The proposed salary range for this position is:
$103,800 - $218,100
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
group id: caci
CACI Careers – Make an Impact
