This position is located in Arlington, VA and will be onsite 5 days a week. No hybrid/telework allowed. 

Responsibilities:

• Provide static and dynamic malware analysis support in a 24x7x365 environment.
• Contribute to Shift Change Document.
• Conduct advance analysis and recommend remediation steps for cybersecurity events and incidents.
• Publish after-action reports, cyber defense techniques, guidance, and incident reports.
• Respond to and assist with the resolution of any suspected or successful cybersecurity breach or violation.
• Share knowledge and intelligence gained from cybersecurity events with stakeholders.
• Assist with training junior level analysts.
• Perform analysis of network and host logs.
• Perform network searches, artifact collection and timeline analysis using a variety of EDR tools.
• Share in-depth knowledge and intelligence gained from cybersecurity events with stakeholders.
• Protect against and prevent potential cybersecurity threats and vulnerabilities.
• Assist in the development and implementation of training programs for malware analysts.
• Review, draft, edit, update, and publish cyber incident response plans.

Qualifications:

Required Qualifications:

• Bachelors degree and 12 years of relevant experience.
• An additional 4 years of work experience will be considered in lieu of degree.
• Ability to resolve highly complex malware and intrusion issues using computer host analysis, forensics, and reverse engineering.
• Ability to recommend sound counter measures to malware and other malicious type code and applications which exploit customer communication systems.
• Has knowledge in development of policies and procedures to investigate malware incidents for the entire computer network
• Experience with Debuggers, Disassemblers, Unpacking Tools, and Binary analysis tools.
• Experience with static and dynamic malware analysis tools and techniques.
• Ability to identify remediation steps for cybersecurity events.
• Experience with Splunk and EDR tools such as Microsoft Defender for Endpoint (MDE), Tanium.
• Ability to analyze a variety of Operating System log types.
• Experience in the development of policies and procedures to investigate malware incidents for the enterprise network.
• Knowledge of IOCs and APT threat actors.
• Knowledge of the Incident Response Lifecycle.
• Knowledge of host and network forensic analysis.
• Demonstrated strong organizational skills.
• Proven ability to operate in a time sensitive environment.
• Proven ability to communicate orally and written; ability to brief (technical/informational) senior leadership.
• Experience collaborating with cross functional teams.
• Experience with static and dynamic malware analysis tools and techniques.
• At least ONE of the following as an active certification: 
• CASP+ CE, CCISO, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYBER.
• An active Interim Top Secret security clearance w/ SCI eligibility.

Preferred Qualifications:

• Understanding of Security Operations Center processes and workings.
• Experience with ServiceNow Ticketing Software.
• Experience in the development of policies and procedures to investigate malware incidents for the enterprise network.
• Experience handling state and national level intrusions.
• Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
• Knowledge of high- and low-level programming.
• Experience in developing and delivering comprehensive training programs.

EEO Statement