Job Requirements
Annapolis Junction, MD
Top Secret/SCI Polygraph
Career Level not specified
Salary not specified
Job Description
The Swift Group is a privately held, mission-driven and employee-focused services and solutions company headquartered in Reston, VA. Our capabilities include Software Development, Engineering & IT, Data Science, Cyber Enablement, Logistics, and Training. Founded in 2019, Swift supports Civilian, Defense, and Intelligence Community customers across the country and around the globe.
We are looking for a Cyber Defense Analyst 3 to join a growing team in Annapolis Junction, MD.
Responsibilities:
- Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
- Generate cybersecurity cases (including the event's history, status, and potential impact for further action) and route them as appropriate.
- Perform advanced manual analysis to hunt previously unidentified threats.
- Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
- Apply techniques for detecting host- and network-based intrusions.
- Analyze malicious activity to determine the weaknesses exploited, the exploitation methods, and the effects on the system and its information.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Possess deep knowledge of Active Directory abuse used by attackers for lateral movement and persistence.
- Perform after-action reviews of team products to ensure completion of analysis.
- Lead and mentor team members as a technical expert.
Requirements:
- Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity.
- A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience.
- Two (2) years of demonstrated and practical experience in TCP/IP fundamentals.
- Two (2) years of demonstrated experience with tcpdump or Wireshark.
- Three (3) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
- Three (3) years of demonstrated experience in network analysis and threat analysis software utilization.
- CSSP Analyst baseline certification (e.g., CEH, CySA+, CFR).
- IAT Level I or II certification.
- Computing Environment (CE) certification for supported systems.
- Global Information Assurance Certification (GIAC) or GIAC Certified Incident Handler (GCIH).
- US citizenship and an active TS/SCI with Polygraph security clearance required.