Cyber Security Analyst, Senior - TS/SCI

San Antonio, Texas


Employer: Jacobs
Industry: Information Technology
Salary: Competitive
Job type: Full-Time

The mission of the Jacobs Lone Wolf Team is to support, operate, and maintain the Distributed Continuity Integrated Network - Top Secret Enterprise Services (DCIN-TS ES). The DCIN-TS ES is a DoD provided, TS/SCI, integrated voice, video, and data, global communications network that facilitates collaboration among senior leaders and key staff.

Candidates are expected to have a strong work ethic and possess the ability to work as a critical member of a team in pursuit of mission objectives and in support of our customers. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful in this role, you'll be able to rapidly adapt and learn how to operate the front and back end of new products and processes.

Responsibilities:
  • Use Splunk to proactively monitor and provide near-real-time cyber security status and reports to enable timely decision-making
  • Proactively search for threats, inspect traffic for anomalies and new malware patterns
  • Investigate and analyze logs. Provide analysis and response to alerts
  • Perform log analysis to identify trends and abnormal behavior, correlate events, and detect TTPs.
  • Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support Incident Response across Windows and Linux platforms and escalate incidents following documented procedures and SOPs.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Produce high-quality written and verbal communications, recommendations, and findings to customer management.
  • Perform critical thinking and analysis to investigate cyber security alerts
  • Coordinate with internal and external teams to address threats and risks via investigation
  • Analyze log files from a variety of sources (e.g., individual host, network traffic, firewall, and intrusion detection system (IDS) logs) to identify possible threats to network security.

  • Must have active TS/SCI
  • At least 5-10 years of relevant experience
  • 8570 IAT 2 Sec+ certification required
  • Shall have a minimum of three (3) years of professional experience in cybersecurity, information risk management, or information systems risk assessment, and must be knowledgeable in many areas such as: Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention, Encryption, Web-filtering, and Advanced Threat and Incident Response
  • At least 2 years' experience working in a SOC or cybersecurity-related environment.
  • The ability to create ad-hoc SPL searches using a wide variety of sources.
  • Experience conducting or managing incident response and investigating targeted threats
  • Understanding of system internals is required to understand how to implement and execute countermeasures and remediation.
  • Knowledge of network protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc), network analysis tools, and ability to perform analysis of associated network logs.
  • Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).
  • Solid understanding of cyber threats, MITRE ATT&CK framework and other TTPs.
  • Knowledge of current IT security best practices.
  • Knowledge of APTs, their capabilities, and experience implementing appropriate countermeasures


Preferred:
  • Splunk Core Certified User
  • Experience with Splunk Enterprise Security.
  • Experience in a scripting language (e.g., Python, PowerShell)
  • 8570 CSSP CySA+, CEH, or GCIH certification preferred

Created: 2024-04-19
Reference: CIS000224
Country: United States
State: Texas
City: San Antonio
ZIP: 78112