Cloud Threat Development Analyst to work in our Charleston, SC office.
Job Description: The candidate(s) will serve as the organization's technical analyst, assessing required Defensive Cyber Operations (DCO) capabilities in multiple cloud environments (O365, Azure, AWS, Oracle) and developing appropriate detection measures in a mixed Elastic and Splunk environment. The candidate will analyze available cloud environment data feeds, network monitoring and filtering systems (including IDS/IPS), and endpoint protection platforms in order to develop unified detection measures, while ensuring the rigorous application of information security/information assurance policies, principles, and practices. Experience with user-associated DoD security practices is expected.
Use network-, host-, and cloud-based data to drive detection, monitoring, and response capabilities
Create detection analytics based on the MITRE ATT&CK Framework and other security frameworks
Perform original research on adversarial Tactics, Techniques, and Procedures (TTPs)
Provide assistance to the Ops team in response to incidents by analyzing host behavior and network traffic
Authorized to view audit records on Central Log Server
Authorized to view alerts of IDS/IPS
Authorized to modify auditable events on Central Log Server
Overtime may be required as needed to support incident response actions (Surge)
Up to 15% Travel may be required
Required Skills:
Must have a TS/SCI clearance
Minimum 3-5 years of comparable experience performing Incident Response, Forensics, Malware Analysis, or Penetration Testing
5-7 years of experience if no degree
Experience with cloud monitoring tools preferred (AWS, Azure)
Linux administration experience preferred (Red Hat)
Must be proficient in at least three of the following disciplines:
Network traffic analysis and host-based log analysis
Comprehensive understanding of enterprise Windows security (Active Directory)
Static and Dynamic malware analysis
Practical knowledge of at least one scripting or development language (e.g., PowerShell or Python)
Must have working familiarity with two of the following products:
Splunk
Elastic
Carbon Black Response
Fidelis Network
Strong written and verbal communication skills
Strong understanding of common enterprise technologies
Ability to convey highly technical concepts to audiences with varying levels of technical understanding
DoD 8570 Classification: IAT Level II
Desired Skills:
Bachelor's degree or higher from accredited university/technical college in Cybersecurity, Computer Science, Information Systems, or other related scientific or technical discipline
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.