Cyber Protection Team Master Host Analyst

  • Zachary Piper Solutions, LLC
  • Washington, Washington DC
  • Jan 13, 2021
Full time Host/Hostess

Job Description

Zachary Piper Solutions is currently seeking Cyber Protection Team Host Analysts for a federal customer in Washington, DC. The position requires a minimum of TS/SCI with the ability and need for a CI Poly. This is a direct-hire with our customer. They are currently seeking candidates with either a strong Unix/Linux or Windows background for two openings.

Responsibilities of the Cyber Protection Host Team Analysts
  • Analyze Linux/Unix or Windows file systems, permissions, and operating system configurations in order to detect vulnerabilities and intrusions
  • Capture the memory of individual Linux/Unix or Windows processes and analyze it using built-in tools and capabilities
  • Navigate and search Linux/Unix or Windows file system structure and common processes for vulnerabilities, anomalies, backdoors, rootkits, remote-access tools, malware, etc.
  • Monitor, research, analyze, diagnose, and configure/manage Linux/Unix or Windows virtualization and Linux/Unix or Windows in virtualized environments to detect and respond to anomalies, vulnerabilities, and cyber incidents
  • Utilize scripting to develop common automation tasks in order to develop custom modules and functions to identify anomalies or suspicious machines
  • Perform initial triage procedures on potentially malicious Linux/Unix or Windows systems using best business practices
  • Patch Linux/Unix or Windows system vulnerabilities to ensure information is safeguarded against outside parties
  • Monitor operational environment and report on adversarial activities which fulfill leadership's priority information requirements
  • Conduct network and system level reconnaissance and vulnerability analysis of other systems within a network
  • Identify and conduct network mapping and operating system (OS) fingerprinting activities
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
  • Conduct open source data collection via various online tools
  • Edit or execute scripts (e.g., Python, Bash/shell, PERL, PHP) on Linux/Unix or Windows systems to perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data
  • Deploy cyber tools to a target Linux/Unix or Windows system and utilize them once deployed (e.g., backdoors, sniffers)
  • Determine and document software patches or the extent of releases that would leave Linux/Unix or Windows software vulnerable
  • Identify Linux/Unix or Windows applications and operating systems of a network device based on network traffic
  • Validate intrusion detection system (IDS) alerts
  • Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces
  • Evaluate Linux/Unix or Windows system security architecture and its design against cyberspace threats as identified in operational and acquisition documents
  • Perform security reviews and identify gaps in Linux/Unix or Windows environment security architecture and develop a security risk management plan
  • Provide and maintain CPT documentation for TTPs as inputs to training programs
  • Work with stakeholders to resolve Linux/Unix or Windows computer security incidents and vulnerability compliance
  • Identify potential points of strength and vulnerability among Linux/Unix or Windows segments of a network map
  • Assist in the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats within a given Linux/Unix or Windows network enclave
  • Detect exploits against targeted networks and Linux/Unix or Windows hosts and react accordingly
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on Linux/Unix or Windows systems and information
  • Isolate, extract, analyze, remove, and document malware on Linux/Unix or Windows systems
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan
  • Plan and recommend modifications or adjustments based on exercise results or system environment

Qualifications for the Cyber Protection Host Team Analysts
  • Bachelor's degree desired, but not required
  • 4+ years of experience conducting or supporting Cyber Mission Forces exercises
  • 5+ years of experience as a Certified Senior Level Analyst
  • Must be compliant with the Enterprise Diagnostic and Troubleshooting Training
    • Enterprise Linux/Windows System Administration
    • Active Defense Offensive Countermeasures and Cyber Deception (SEC550)
    • SIEM with Tactical Analytics (SEC555)
    • Offensive Security Certified Practitioner (OSCP)
    • Offensive Security Certified Expert (OSCE)
  • Active TS/SCI security clearance with a CI polygraph or the ability to obtain and maintain a CI polygraph

Compensation for the Cyber Protection Host Team Analysts
  • Salary range from $160,000 - $200,000 annually
  • Benefits including Bonuses, 401k, Medical, Vision, Dental Benefits
- provided by Dice