Softworld Security Engineer in Washington, District Of Columbia
Contract to Hire
Post Date: 03/14/2018
Job ID: 225773
Security Engineer (FireEye and/or Splunk)
Possesses in-depth knowledge of network endpoints, threat intelligence, forensics and malware reverse engineering, as well as of the functioning of specific applications and the underlying IT infrastructure; acts as an incident “hunter” who does not wait for escalated incidents and is closely involved in developing, tuning and implementing threat detection analytics.
Forensic Investigations (Host and Network):
Conducts and/or supervises computer forensic examinations to include the collection, preservation, processing, and analysis of digital evidence. Substantiates or disproves investigative allegations through adherence to the highest level of industry standards associated with the forensic examination of digital media.
Malicious/Anomalous Activity Discovery:
The successful candidate will be responsible for hunting for malicious or anomalous activity across the enterprise using existing tools. Acts in coordination with current SOC staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activity within the organization. Maintains the ability to rapidly perform a variety of technical tasks, including network traffic analysis, system forensics, malware analysis, and signature generation, before moving on to the next area of focus within the enterprise. Provides tailored remediation and countermeasure recommendations to network defenders.
Cyber Incident Response:
Responsible for leading rapidly evolving incident response engagements as a key technical expert and member of the Computer Security Incident Response Team (CSIRT), assisting and responding to incidents in coordination with the security operations center. Acts as subject matter expert on forensic artifacts (network and host-based) as they pertain to system compromises and malware infections. Provides written summaries and analysis of incidents for management review.
Cyber Threat Intelligence Analysis / Staff Awareness:
Works to identify potential and actual cyber threats to systems and networks.
Highly motivated, interested in the fields of cyber defense and cyber research
Inquisitive, and able to research new highly technical subjects
Strong experience with Splunk or similar tools
Prior incident response experience
Experience with forensic tools including EnCase, FTK, NetWitness, Wireshark, or similar
Familiar with sound forensic principles, techniques, and processes.
Malware analysis skills, with a general understanding of reverse engineering techniques.
Advanced understanding of Windows internals and Windows networks.
Understanding of enterprise networks, security infrastructure, and common network protocols
Substantial experience with and knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels
Experience in host and network-based signature development
Experience with one or more programming languages, preferably at least one high level and one low level language. Examples include Perl, Python, Ruby, Java, C, and x86 ASM
Penetration testing experience
Desired industry certifications include SANS SEC503, SEC504, SEC561, CEH, and CISSP
A minimum of 3 years of experience conducting computer forensic examinations, malware analysis and incident response
Ability to conduct research and development (R&D) of computer forensic and intrusion analysis methods and procedures, malware analysis activities, and complete case reports
Excellent written and oral communication skills as well as customer service skills are required.
U.S. citizens/Green card holders ONLY due to government or federal contract requirements.
BS or equivalent + 5 yrs related experience, or MS + 3 yrs related experience