Senior Functional Analyst (Cyber Security/Network Analysis) with Security Clearance

Company: Kelly Services Inc.
Location: Honolulu
Posted on: January 15, 2021

Job Description:

Senior Functional AnalystLocation: Honolulu, HISalary: 120 - 129k Kelly Services is looking for a Senior Functional Analyst to provide Information Technology (IT) support services to USARPAC in Honolulu, HI. Personnel will conduct Defense Cyber Operations - Internal Defense Measures (DCO-IDM) to defend against unauthorized activity on supported networks. Support will be onsite. DUTIES INCLUDE:--- Network Infrastructure Security: Perform penetration testing (PT) and vulnerability testing IAW ARCYBER and RCC-P/DCO-Division Chief guidance and established Best Business Practices (BBPs), regulations, policies and procedures. Utilize known adversarial and other techniques such as Initial Operational Tests to identify existing adversary cyberspace attack vectors. Based on findings, prepare information briefs, white papers, and recommendations to provide Command visibility of the vulnerability, and to enhance the security posture of the networks.--- Defense in Depth Technologies and Procedures: Assess common Defense in Depth Technologies and Procedures for Post/Camp/Station (P/C/S) security enclave metrics, trends and analysis. Conduct Network Assistance Visits (NAV) IAW established BBPs, regulations, policies and procedures as requested by the TM and approved by the COR. NAVs may entail security testing, threat briefs, and user/leadership training on DCO topics. Findings from the NAV shall be used to produce follow-on information briefs, white papers, training requirements, and recommendations to the requesting command.--- New Technologies, Software Applications, and Network Devices: As directed or for the purpose of meeting a specific DCO-IDM requirement, assess new technologies and devices relevant to DCO-IDM. Technologies related to Penetration Testing will be vetted in accordance with 1st Information Operations Command and RCC-P SOPs and TTPs. Determine if technology or device will support/satisfy new requirements, positively enhance the analysis process and security posture of the networks, integrate into existing DCO-IDM architecture and tools sets, and can be properly accredited and authorized for use in the respective AOR. Upon completion of the assessment, information briefs, white papers, and recommendations will be provided to RCC-P leadership of final evaluation and determination of a course of action.--- Network and System Assessments: Detect systemic DCO vulnerabilities on the networks; Execute persistent PT utilizing approved guidance and tools. Emulate TTP's employed against the Army Networks, routinely target and assess enterprise (Army managed) level systems and network architecture to identify exploitable points of entry into Army networks and systems. Results of each assessment (on- going) will be used to determine best method of mitigation or continued monitoring. Findings will be briefed routinely to the network/systems owner (or Approving Official (AO) or ISSM).--- Network Damage Assessment: Deploy an Incident Response Team (IRT) (as determined and approved by the COR and establish incident response TTPs) with appropriate equipment required to successfully perform a Network Damage Assessment as outlined in AR 380-53. The intent of the Network Damage Assessment is to discover and mitigate negative effects for suspected and confirmed compromises of DoD networks, maintain, and update policies and procedures following each submission. The assessment shall consist of:o a) Gathering host logs from compromised system(s)o b) Conducting on-site scans with an anomaly detection tool to determine width of incident)o c) Incident handling on-site for newly identified compromised systemso d) Assist on-site administrators with securing affected network(s)o e) Assist in clean up as required)o f) Provide daily updates on situational awareness to leadership/pertinent agencies)o g) Prepare final Network Damage Assessment report)o h) Publish and maintain Network Damage Assessment TTPso i) Coordinate Network Damage Assessment efforts with ARCYBER and affected organizations--- Penetration Testing (PT): Evaluate new PT TTPs (new tool usage or adversary TTP) as required for inclusion on approved PT tools list and maintain PT TTPs and tools. Document training and use of all vetted PT tools.--- Situational Awareness of evolving cyberspace threat trends: Participate in CONUS/OCONUS Information Technology Security Seminars/Training events (i.e. Black Hat, Defense Readiness Condition (DEFCON), Armed Forces Communications and Electronics Association (AFCEA), etc.); Provide relevant technology feedback and forecasting of potential cyberspace threats to supported activities.--- Report incidents to law enforcement and counterintelligence agencies: Maintain an up-to- date Point of Contact (POC) list for Law enforcement and Counterintelligence (LE and CI) agencies as routinely provided by Computer Crimes Investigative Unit (CCIU) and Cyber Counter Intelligence agencies. All incident reports are provided to LE and CI. In cases where an active investigation will be opened, analysts will coordinate subject matter expertise and assistance to LE and CI per Army Regulation AR 25-2, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510, and local incident handling procedures. LE and CI agencies will provide written request in accordance with local TTP that will include as a minimum the official case number and include specific data logs and information required. Expertise and support to be provided consists of providing required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE and CI official request or within the RCC-P TTPs. (i.e. do not provide data or answers to anything not specifically requested by LE and CI).--- Attend ARCYBER Cyber Operations (CO) meetings, conferences, and working groups worldwide: Attend local and distant meetings, conferences and working groups prepared to discuss and provide advice regarding CO issues and provide assessment of impact on supported operations; Support the official position of the organization in line with DoD doctrine and local guidance; Document via trip reports listing participants and describing topics of discussion, decisions and action items upon completion of the event.--- Synchronization: Synchronize operational information within the organization and with external organizations: Maintain accurate status on all organization and parent organization operations, training, visitor, and briefing requirements; Synchronize CO supporting Geographic Combatant Command. REQUIRED SKILLS AND CERTIFICATION :--- Candidates must have TS/SCI and meets certification requirements. --- Candidates must have Penetration testing experience.--- Prior Army experience is strongly preferred--- Knowledge and minimum 4 years of experience in Information Assurance Systems/Network Analysis. Experience with Network intrusion detection system (NIDS) software such as SNORT. Experience with Army Cyber Security (CS) guidance and regulations.--- Must meet CSSP-Auditor minimum requirements per DoD 8570.01-M.o CEH, CySA+,CISA, GSIA, GCIH, GICSP, SCYBER, CFR--- Must be able to complete the eMASS Computer Based Training (CBT) within 4 weeks of work start.--- Must obtain 1st IO CMD PT Computing Environment (CE) certification within 6 months. --- Must obtain after start- Operating System Certifications: SNORT IDPS/IPS Training Certificate based on current market offerings. Training IAW PWS Requirements: IA Awareness Training, as specified in AR 25-2; Antiterroism Level I; iWATCH; Level I OPSEC; TARP Training; Theater Specific Training, if applicable CSSP-A (CEH, CFR, CSA+, GCIA, GCIH, GICSP, SCYBER) PREFERRED EDUCATION: --- Bachelor's Degree in a related field, preferred. DESIRED SKILLS AND EXPERIENCE:--- Knowledge and minimum 2 years of experience in Functional Analysis. --- Technical skills in penetration and vulnerability testing.--- Experience with Cybersecurity Service Provider (CSSP) periodic inspections.--- Experience planning, synchronizing, and conducting Information Operations (IO) with the customer and other vendors.--- Experience with Army Cyber Security (CS) guidance and regulations.

Keywords: Kelly Services Inc., Honolulu , Senior Functional Analyst (Cyber Security/Network Analysis) with Security Clearance, Professions , Honolulu, Hawaii