Cyber Hunt and Incident Response Analyst

At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia has an opportunity for a Cyber Hunt and Incident Response Analyst to support our DHS CISA Hunt and Incident Response (HIRT) Network Analysis team. This Cyber Network Defense Analyst (CNDA) will provide front line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity. Come join our cutting-edge team working on stopping some of the world’s most advanced adversaries. This position is located in Arlington, VA with some remote capability at the discretion and direction of the customer. Preferred applicants will live within a commutable distance to Arlington, VA

What You'll Do

• Use information collected from a variety of sources to monitor network activity and analyze it for evidence of suspicious behavior.
• Perform monitoring and analysis to identify and report events that occur, or might occur, within the network, in order to protect information, information systems, and networks from threats.
• Assist the Government lead in coordinating teams in preliminary incident response investigations
• Assist the Government lead with interfacing with the customer while on site
• Perform management duties as required to support the team, projects and analysts
• Determine appropriate courses of actions in response to identified and analyses anomalous network activity
• Assess network topology and device configurations identifying critical security concerns and providing security best practice recommendations
• Assist with the writing and publishing of Computer Network Defense guidance and reports on incident findings to appropriate constituencies
• Collect network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and use discovered data to enable mitigation of potential Computer Network Defense incidents
• Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information
• Collect network device integrity data and analyze for signs of tampering or compromise
• Assist with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagement

Requirements

Education + Experience

• BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 10 years of network investigations experience.
• 5+ years of directly relevant experience in network investigations -
• In depth knowledge of CND policies, procedures and regulations
• In depth knowledge of TCP/IP protocols
• In depth knowledge of standard protocols – ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS, etc.
• In depth knowledge and experience of Wi-Fi networking
• In depth knowledge and experience of network topologies - DMZ’s, WAN’s, etc.
• Substantial knowledge of Splunk (or other SIEM’s)
• Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK) Knowledge of Computer Network Defense policies, procedures, and regulations
• Knowledge of defense-in-depth principles and general attack stages with respect to network security architecture
• Ability to characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
• Ability to identify and analyze anomalies in network traffic using metadata
• Experience with reconstructing a malicious attack or activity based on network traffic
• Experience examining network topologies to understand data flows through the network
• Must be able to work collaboratively across physical locations

Preferred

• Python programming experience
• Strong math and science background
• Experience with Carnegie Mellon SiLK tool suite
• Substantial knowledge of network device integrity concepts and methodologies
• Proficiency with network analysis software (e.g., Wireshark)
• Proficiency with carving and extracting information from PCAP data
• Proficiency with non-traditional network traffic (e.g., Command and Control)
• Proficiency with preserving evidence integrity according to standard operating procedures or national standards

• Must be a U.S. Citizen
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability

Desired Certifications

• One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE - GSEC (SANS401), Arcsight (or other SEIM solution), Network+, Security+
• Don't have certifications or expired? phia can help you get there!

• A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
• Intellectually curious with a genuine desire to learn and advance your career.
• An effective communicator, both verbally and in writing.
• Customer service oriented and mission focused.
• Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

IMPORTANT: This position may be subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19, which the Federal Government is not enforcing at this time.

Benefits

COMPANY OVERVIEW:

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.