MS-DAEN-L Archives

July 2018

MS-DAEN-L@LISTSERV.GMU.EDU

Subject:
From: Robert Osgood <[log in to unmask]>
Reply To: Robert Osgood <[log in to unmask]>
Date: Thu, 12 Jul 2018 14:24:33 +0000

This is a Security Analyst position focused on identifying malicious activity on the client network. This threat hunting role touches on multiple domains, including network forensics, host forensics, mobile forensics, and malware analysis. A successful candidate will research and understand different TTPs used by cyber threat actors, then apply that knowledge to find malicious activity on or against the network.

Daily duties:

• Review network, host, and/or mobile device logs for anomalous activity
• Research new TTPs to monitor for on the network
• Develop detection methodologies for such TTPs
• Perform deep-dive research into technologies of interest
• Identify gaps in visibility and work to remediate them
• Identify and recommend process creation and improvements

Required: Knowledge of the following security tools and concepts:

• Familiarity with cloud best practices and logging
• Knowledge of computer networking
• In-depth knowledge of the Windows OS
• Working knowledge of packet analysis tools (such as Wireshark)
• Working knowledge of log correlation utilities
• Ability to identify malicious activity in emails, documents, and on web pages
• Substantial experience with and knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels

Desired Skills:

• Experience with Yara, PowerShell, and/or cloud-based infrastructure (O365, Azure)
• Experience with Splunk or other security information and event management (SIEM) tools
• Experience with one or more programming languages, preferably at least one high-level and one low-level language. Examples include Python, Java, C, and x86 ASM.
• Experience analyzing iOS file systems

Feel free to contact Rob Soligan: [log in to unmask] or 571-435-6943 concerning this position.