E

Cybersecurity - Cyber Defense Analyst - Malware, Vulnerability, Incidents

Erias Ventures
On-site
Lackland AFB, Texas, United States
$210,000 - $232,000 USD yearly
Erias Ventures was founded to serve its customers with an entrepreneurial mindset. We value creative problem-solvingopen communication, and empowering our employees to make decisions and put forth new ideas.



Our staff includes technical experts working across multiple disciplines, bringing diverse perspectives to every project. We are seeking engineers who wish to grow their careers and want to become part of a technically strong and growth-oriented company focused on bringing innovative solutions to the difficult mission problems facing our customers.



Description

The Cyber Defense Analyst uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notify designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.

  • Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.

  • Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.

  • Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.

  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

  • Perform advanced manual analysis to hunt previously unidentified threats.

  • Conduct PCAP analysis.

  • Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.

  • Apply techniques for detecting host- and network-based intrusions.

  • Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.

  • Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).

  • Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.

  • Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).

  • Understand snort filters and how they are crafted and tuned to feed IDS alerting.

  • Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.

  • Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

  • Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.

  • Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.

  • Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.

  • Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence.

  • Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.

  • Perform after-action reviews of team products to ensure completion of analysis.

  • Lead and mentor team members as a technical expert.


Clearance

A current Top-Secret/SCI with polygraph security clearance is required. Candidates cannot be sponsored or nominated for a government security clearance under this position.

 

Experience

Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity is required. A technical bachelor’s degree from an accredited college or university

may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.


  • Two (2) years of demonstrated and practical experience in TCP/IP fundamentals.

  • Two (2) years of demonstrated experience with network traffic analysis tools such as Bricata, tcpdump or Wireshark.

  • Three (3) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).

  • Three (3) years of demonstrated experience in network analysis and threat analysis software utilization.

  • Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.

  • Requires Global Information Assurances Certification (GIAC) Certified Incident Handler (GCIH)

    certificate or Certified Intrusion Analyst (GCIA) certificate.

  • Requires successful completion of the Splunk software training course "Fundamentals 1"

  • Three (3) years of demonstrated experience maintaining or managing Cloud environments such as

    Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel.


Benefits

Erias Ventures provides a complete package of wealth, health, and happiness benefits. The expected salary range for this position, depending on education and years of experience is $210,000 - $232,000.



Wealth Benefits:

  • Above Market Hourly Pay 

  • 11% Roth or Traditional 401k with Immediate Vesting and Deposit

  • Spot Bonuses for Assisting with Business Development and Company Growth

  • Professional Development Bonuses for Certificates and Degrees


Health Benefits:

  • Company subsidized Medical Coverage

  • 100% Company Paid Vision and Dental Coverage

  • 100% Company Paid Long Term DisabilityShort Term Disability, and Group Life Insurance

  • Monthly Wellness Reimbursement


Happiness Benefits:

  • Paid Time Off with Flexible Work Schedules and Birthday Off

  • Amazon Prime Membership and Monthly Internet Reimbursement

  • Technology and Productivity Allowance for Equipment and Supplies

  • Morale Building and Company Events to Celebrate our Successes and Build our Community

  • Onboarding and Annual Swag

  • Company Paid Professional Development and Training


At Erias Ventures, we are dedicated to fostering a diverse and inclusive workplace. As an equal opportunity employer, we ensure that all qualified applicants are considered for employment based on merit, without discrimination. We welcome individuals regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

 

Referrals & Inquiries

Do you know a cleared professional seeking to advance their career? Interested in earning some extra cash? If so, refer them to us with their name and contact details, and you could be eligible for a referral bonus of up to $10,000 for each successful hire.



Not seeing the right position right now? Reach out to us, and we’ll notify you as new contracts and opportunities become available!

 

Please send referrals and inquiries to:

jobs@eriasventures.com

 

To learn more about our company visit our webpage or LinkedIn.