Cyber Defense Analyst

at  Gem Technologies Inc

REQUIREMENTS

• Education & Years of Experience – To be considered, you must meet one of the following combined education and experience requirements:
• PhD in a technical field with limited experience.
• Masters degree in a technical field and 2+ years of related experience.
• Bachelors degree in a technical field and 5+ years of related experience.
• Associates degree in a technical field and 10+ years of related experience.
• Clearance – To be considered, you must have an active or very recently active DOE “Q” Clearance or DOD “Top Secret” Clearance.
• Citizenship – To be considered, you must be a United States (U.S.) citizen due to the federal nature of the work.

ABOUT THE ROLE

We are seeking a Cyber Defense Analyst with an active DOE “Q” Clearance or a DOD “Top Secret” Clearance to join our team supporting the DOE’s Y-12 National Security Complex in Oak Ridge, TN. This position is full-time and has been approved for work in a primarily remote capacity; however, visits to Y-12 National Security Complex will be required once per quarter.

RESPONSIBILITIES

• Use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources; develop content for cyber defense tools.
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack; perform cyber defense trend analysis and reporting.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify potential malicious activity.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Identify applications and operating systems of a network device based on network traffic.
• Reconstruct a malicious attack or an activity utilizing network traffic.
• Notify designated managers, and cybersecurity service provider team members of suspected security incidents and communicate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.