Responsible for strengthening the defensive posture and cyber defense operational readiness of an IT Enterprise, our Enterprise Cyber Network Defense (ECND) program defends and protects Government assets from external Cyber Security attacks and Insider Threats that can potentially cause or create data, systems, networks, and personnel vulnerabilities.

Functional duties consist of:

• Performing Tier 1 Computer Security Incident Response activities for a large organization that involves coordinating with other government agencies to record and report incidents.
• Improving the detection, escalation, containment and resolution of malware incidents.
• Communicating alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
• Evaluating and analysis complex malicious binaries and exploits improve defenses and awareness. 
• Identifying requirements for new malware analysis capabilities, and contribute to the development of new malware analysis tools and techniques.
• Investigating instances of malicious code to determine attack vector, payload, and the extent of damage and data exfiltration.
• Performing forensic analysis on system memory, hard drives and network traffic.
• Scripting whenever required achieving short/long term requirements.
• Providing guidance and work leadership to less-experienced technical staff members, and may have supervisory responsibilities.
• Maintaining current knowledge of relevant technology as assigned.
• Participating in special projects as required.
• May serve as a technical team or task leader.

Competencies include:

• Malware analysis, reverse engineering, threat intelligence, and signature development tools (OllyDbg, IDA Pro, WinDbg, Maltego, YARA, Snort) .
• An understanding of programming (C/C++, Assembly, Java), web (PHP, JavaScript) languages, as well as the ability to utilize scripting languages (Python) for incident handling and development purposes.
• Knowledgeable in network analysis and monitoring (Wireshark, Sourcefire, Fidelis, FireEye)
• Experience in multimedia forensics (EnCase, FTK, Paraben, Cellebrite, Active Defense)
• Intrusion Prevention Systems (Tipping Point, Websense, Dragon).
• Familiarity with passive DNS. 

Position may require evening, weekend or shift-work (depending on operational tempo).