Endpoint analyst

at  BAE Systems

JOB DESCRIPTION

BAE Systems, Inc. is searching for a Mid to Senior level Endpoint Threat Detection and Response analyst to conduct host-based defensive cyber operations. Such operations include: reviewing detections/alerts, investigating suspicious activity, threat hunting, developing detection content and performing live artifact retrieval on EDR/EPP platforms. In addition, developing deployable forensics tools.

REQUIRED EDUCATION, EXPERIENCE, & SKILLS

Monitor detections/alerts in EDR/EPP platforms
Investigate and triage detections/alerts in EDR/EPP platforms
Conduct threat hunting operations using various tools
Develop host-based detection content in EDR/EPP platforms
Experience developing deployable forensics tools (for system admins to be able to run to automatically gather artifacts for offline analysis)
Incident Response
Intrusion Analysis
Forensic Analysis
Experience working in a security operations center
Working understanding of the Lockheed Martin Cyber Kill Chain®
College degree is not required
Extensive experience with Windows operating system function, registry, internals, etc.
Experience with and understanding of common malware tactics and how they interact with victim systems.
Experience with coding/scripting in languages such as Python, PowerShell, Unix Shell Scripting.
Experience with any of SentinelOne, CrowdStrike, Carbon Black, FireEye HX, McAfee ePO, etc.
Linux OS familiarity.

PREFERRED EDUCATION, EXPERIENCE, & SKILLS

Experience with both commodity and nation-state malware
Familiar with malware families (e.g. PoisonIvy, Gh0st RAT)
PowerShell Scripting
CrowdStrike Falcon experience
FireEye Endpoint Protection (HX) experience
McAfee Access Protection (ePO/MCAP) experience
Solid experience with Linux OS
Writing of Yara rules to identify malicious files

Please refer the Job description for details