The Cyber Engineer Principal II designs, develops, documents, analyzes, tests, integrates, debugs, conducts research and/or discovers and analyzes security flaws or vulnerabilities in software, networks, systems, applications and/or provide mitigation strategies. The Cyber Engineer ensures system security needs are established and maintained for various objects/matters. Integrates new architectural features into existing infrastructures, design cyber security architectural artifacts, provide architectural analysis of cyber security features and relate existing system to future needs and trends. Evaluates computer software and network for threats and/or malware Collects data from a variety of network security tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyze events that occur within their environment. Employs and provides computer advanced forensic tools, techniques, and intrusion support for attack reconstruction and high technology investigations, while reviewing threat data from various sources. This position may also identify network computer intrusion evidence and perpetrators.
- Analyze output from various security devices and malware and incident reports to improve detection of and to minimize future incidents.
- Assess and analyze system security to identify and mitigate risks and vulnerabilities.
- Recommend countermeasures to mitigate risks and vulnerabilities.
- Prepare documentation, including incident reports, security recommendations, etc.
Required Skills and Experience:
- Experience in intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
- Experience with standard security principles, policies, standards and industry best practices
- Experience with software development
- Understanding of windows and UNIX operating systems
- Understanding of security technologies and concepts, experience in design and implementation of secure network solutions including DMZs and web portals
- Knowledge of Information Assurance and Information Operations technologies and development activities
- Understanding of the processes and guidelines for Certifying & Accrediting (DCID, ICD, NIST 800-53, SANS 20) information systems based upon experience on a large-scale development program.
- Practical experience hardening IT systems in compliance with STE/STIG guidelines
- Possesses or quickly develop a comprehensive understanding of Government Information Security policies, regulations, and guidelines.
- Experience and knowledge of networking (TCP/IP, topology, sockets and security), operating systems (Windows/UNIX/Linux), and web technologies (Internet security)
Additional Responsibilities and/or Skills:
- Experience leading an incident response team required.
- Perform attack reconstruction, review threat data and investigate security incidents to determine extent of intrusion and compromise to system and data
- Provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments.
- Auto-generate network traffic intelligence.
- Develop mitigation strategies, including influencing accessible assets and data flows (e.g. block behaviors, quarantine hosts and enclave, block and modify traffic).
- Provide countermeasure recommendations and business cases based on standard security principles, policies, standards and industry best practices
- Test and provision countermeasures
- Mitigate attacks and threats by assessing the impact of countermeasures and response effects
- Monitor and diagnose potential residual effects
- Use encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research
- Gather data and formulate mitigation plans for effective and real-time incident response
Perform one or more of the following:
- Malicious payload analysis, inspection of PCAP payload at the application layer
- De-obfuscation; transform source or machine code to human-readable cost to assess script functionality
- Botnet activity correlation: asses impact/ effect of software robots (i.e., ‘bots’) that run autonomously, automatically and/or undetected
- Assist in identification and implementation of appropriate information security functionality
- Serve as a subject matter expert for application security in support of programs
- Produce reports and briefs to provide accurate depiction of threat landscape and associated risk
Experience with one or more of the following is required:
- MS Visual Studio, Driver Development Kit, IdaPro, Windbg, SoftIce, OllyDbg, VMWare
- Experience with ArcSight
- SourceFire experience desired
- Bachelor’s degree in Cyber Security, Information Security, Software Engineering or a related discipline
- Ten (10) or more years of cyber security experience required; A Master’s degree in a related discipline may substitute for two (2) years of experience; A PhD may substitute for four (4) years of experience
- Twelve (12) years of experience (for a total of twenty-two (22) or more years) may be substituted for a degree
- Certified Information Systems Security Professional (CISSP) certification
- DoD 8570 IAM Level II certification
- CASP CE
- Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification
- Certified Ethical Hacker (CEH) certification
- SANS/GIAC Reverse Engineering Malware (GREM) certification
- ArcSight Certified Security Analyst (ACSA) or ArcSight Certified Advance Security Analyst (ACASA) certification
- SourceFire Certified Professional (SFCP) certification
- Active Top Secret required; TS/SCI preferred
- U.S. Citizenship required
Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.
Zero stress and one profile that can connect you directly to 1000s of companies.
We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.
Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.
Join now and Be Seen.