Company name: Pine Point Group.

Title: Network and Threat Support Specialist (Senior)
Clearance: TS/SCI clearance with a Full Scope Polygraph

Location: Fort Meade, MD


This effort requires personnel who can analyze, map, protect or discover vulnerabilities, intrusions and threats in computer network systems. In addition, personnel may be required to:

Have a working knowledge of forensic media analysis, perform in-depth diagnostic analysis of computer and network intrusions, determine if modifications have been made to a suspect system(s) and the vector by which that modification occurred;
Perform in-depth analysis of computer and network intrusion incident data and in-depth technical analysis of network traffic with the goal of detecting malicious activity; and/or
Perform long-term and time sensitive, in-depth technical analysis of malicious code (malware), analyze the inner workings, and develop defensive countermeasures.

Designing, demonstrating, developing, implementing, and updating exploitation or protection methods and recommending mitigation strategies and techniques.
Evaluating multiple operating systems, network configurations, network architectures and topologies for potential technical and/or operational vulnerabilities. Efforts also include: Determining the threat to U.S. networks of interest posed by adversarial systems, activities or operations.
Analyzing network transports and application layer packets and identifying packet details.
Identifying anomalies at the packet level and developing signatures to support various collection platforms.
Demonstrating proficiency with common network protocols and analysis tools, specifically Wireshark (Ethereal).
Performing each phase of cyber activity tracking; conducting network reconnaissance to detect the presence of unexpected behavior, identifying anomalous activity, categorizing and tagging intrusive activity. Efforts also include:
Performing network intrusion incident response and network attack characterization and reconstruction.
Identifying signatures, attack scenarios, attacker profiles, and other relevant information to enhance NTOC’s knowledge of the adversary and the techniques employed.
Performing in-depth technical analysis with the goal of determining what the intruder did or attempted to do, where they came from, how they got in, their motivation, and anything else that can be learned from analyzing the intrusion data to include: Conducting real world, near real time, monitoring, analysis and reporting.
Developing techniques for the identification and analysis of malicious activity.
Understanding the development of SNORT signatures or similar intrusion detection syntax.
Determining the extent of malware’s capabilities, how to detect it and to assess its impact on affected systems.
Utilizing tools (in-house, freeware, commercial) and analytical techniques to determine the levels of severity and potential mission impact of anomalous behavior.
Writing scripts/tools to develop an analysis capability to include: Performing in-depth technical analysis of collected network traffic.
Applying basic analytic methods such as computer programming (Java, Perl, C, etc.) and debugging programs.
Developing technical techniques and processes.
Reviewing log files, Access Control List (ACL), network Intrusion Detection System (IDS) records and host IDS records for evidence of pre-intrusion activity.
Responding to Information Needs (IN) requests, coordinating with other organizations as appropriate.
Developing end-product report drafts and entering them into report production systems.
Documenting analytical results, processes, and methodologies, and generating technical ideas to include: Characterizing methods with respect to resources and capabilities required or risks of detection and attribution.
Compiling situational reports for each cyber tracking phase to document status.
Technically documenting and reporting on forensic findings to include attack mechanisms, forensic procedures and defensive strategies.
Discovering methods of protecting specific networks, computer systems or specific hardware or software.
Independently conducting comprehensive analysis on all types of forensics microcomputer and computer media. Efforts also include:
Forensically analyzing magnetic and optical media using forensic software applications.
Conducting forensic examination of computer-related equipment, including network devices.
Analyzing and interpreting technical data.
Participating in team building research efforts, and sharing analytical techniques and research methodologies. Efforts also include:
Scheduling meetings, analytic exchanges, organizing data, and providing overall support to branch and division-level managers.

Shall have a minimum of eight (8) continuous years of work experience in network and vulnerability analysis, or a combination of a minimum of six (6) continuous years of work experience in network and vulnerability analysis and a Bachelor’s degree in an applicable (math, science, computers, engineering) field. Work experience shall include four (4) years of IC experience in network and vulnerability analysis.

Shall have a minimum of eight (8) continuous years of work experience in network and vulnerability analysis.
Have the ability to perform packet level analysis, Intrusion Detection, and Incident Handling.
Be able to investigate and resolve highly complex operational matters.
Must have experience in using test tools and writing scripts (Perl, Python, Ruby, etc.) as needed to suit unique situations.
Understanding of malware reverse-engineering.
Shall have demonstrated expertise related to the use of relevant CNO and SIGINT tools and databases used for the customer mission. Shall also demonstrate analytic ability to discover unknown, suspicious or exploitation activity, be able to provide briefings of intrusion set activity to partner organizations, and be knowledgeable about all forms of reporting and experienced with creating each product type, and thus be able to organize training for other team members on analysis, tools, or reporting.
Shall have demonstrated the analytic expertise to perform technical analysis for exploitation of an identified activity that is of an unknown or suspicious origin, competence with relevant analyst tools and databases used by the customer organization, and communications skills that include the ability to provide formal documentation of analysis and/or research results. Shall be considered a Subject Matter Expert in one or more fields appropriate to Intelligence Analysis or Computer Networking technologies, and be able to serve as a Subject Matter Expert for working groups and meetings with partner organizations / agencies.
Shall have demonstrated expertise in analyzing intelligence information and technical data, analyzing exploitation opportunities, interpreting analytical results, writing and editing skills at a technical/professional level, and managing internal and external customer relations.
Shall have demonstrated skills working through the SIGINT and/or other intelligence disciplines’ production processes, to include tasking, researching, processing, reporting, and disseminating of collection, information, or final products.
Shall demonstrate the ability to understand and interpret technical data through knowledge of technologies and network topologies.
Shall have demonstrated expertise in documenting information and processes and gathering intelligence information of an identified threat activity through SIGINT and/or other intelligence disciplines, Internet, and other research means.
Required Tools/Certifications: Wireshark/Ethereal, IDA, OllyDbg, Nessus, Snort, tcpdump, tcp wrapper, IDS (various), ISS scanner, eEye digital vulnerability scanner, <forensics work at host, network, or software levels>, <penetration testing work>, <malware, spyware, botnet work>, GCFIH, CNDA, DoD Forensic examiner, DoD Media Collector, Security+, Nmap, SSCP, Cisco CCNA (and other Cisco-related network certs), Network+, Net Impact
Preferred Tools/Certifications: Wireshark, Nessus, Snort, tcpdump, tcp wrapper, IDS (various), ISS scanner, eEye digital vulnerability scanner, Network+, one or more of the following certifications: CCISP – Certified Critical Infrastructure Security Professional, CISM – Certified Information Security Manager, CISSP – Certified Information Systems Security Professional, SSCP – Systems Security Certified Practitioner, GIAC – Global Information Assurance Certification, CSP – RSA Certified Security Professional, CPP – Certified Protection Professional