The Kenjya-Trusant Group is looking for an Intrusion Analyst to support our customer in San Antonio, TX.
Essential Job Functions:
- The Contractor should be comfortable with network analysis, network anomaly detection, IOC's, Miter Attack framework, use proprietary tools, and be able to analyze data to discover malicious or unauthorized activity collected from various sources.
- The Contractor shall analyze metadata collected from tasked communications systems in order to identify, locate, and track targets, and to accurately report the intelligence gained from metadata analysis. The Contractor shall categorize traffic as benign, suspicious, or malicious activity; and document malicious tactics, techniques, and procedures (TTPs). The Contractor shall develop and implement mitigation strategies. The Contractor shall have a network and/or host-based focus.
- The Contractor shall analyze and produce intelligence information:
- Conduct analysis of metadata.
- Conduct target analysis.
- Conduct target research including classified and open-source research.
- Analyze intercepted foreign intelligence and reconstruct and document foreign cyber actors' digital networks.
- Discover and analyze the TTPs used by foreign cyber actors.
- Leverage knowledge of customer requirements to analyze and process intelligence information.
- Merge information gathered from open source and classified sources into serialized cyber and SIGINT reporting.
- Identify indicators that contribute to attribution of malicious activity.
- The Contractor shall perform computer network defense:
- Document and disseminate malicious adversary's TTPs to enable direct/active defensive actions that will mitigate computer network intrusions.
- Maintain situational awareness of current computer network defense (CND) conditions using information from external data sources (for example, computer network defense vendor sites, Computer Emergency Response Team (CERT) publications, SysAdmin, Audit, Network and Security (SANS) institute training, Security Focus).
- Leverage open source/all source intelligence to understand current vulnerabilities and exploits malicious actors may use to gain access to defended networks, and capture/share knowledge that will drive mitigation.
- Apply principles, methods, and tools for assessing and mitigating threats/vulnerabilities and associated risks.
- The Contractor shall perform target development:
- Determine targeting significance of intercept-related metadata and content.
- Identify and analyze anomalous computer network activity on target computer networks.
- Identify and analyze foreign cyber actors' digital networks.
- Analyze foreign cyber actors' TTPs.
- Apply principles and practices related to target development such as in- depth target knowledge, social network analysis, and communications systems and infrastructure to expand collection and access to target communications.
- The Contractor shall perform host-based malware analysis:
- Provide end-to-end analytic and technical insight, for discovery of new patterns and trends across malware families, intrusion sets and network infrastructure from a variety of systems with corporate analysis tools, and programming skills in Java, JavaScript, Python, Ruby, and/or Pig/Hadoop to assist in mission requirements.
- Employ operational knowledge, skills and abilities to execute industry standard and custom malware analysis tools against and understand trends of malware, computer and network vulnerabilities, data hiding, and encryption.
- Develop, test and modify basic high-confidence rules/signatures to counter malware (for example, YARA, SNORT).
- Perform run-time analysis of malware.
- Analyze and mitigate various malware techniques involving unpacking, de-obfuscation and anti-debugging.
- Identify and reconstruct unknown file formats.
Minimum Required Qualifications:
- Due to the nature of this position and the information that employees will be required to access; U.S. Citizenship is required.
- Eight (8) years minimum experience and a Bachelor's Degree.
- Six (6) years minimum experience and a Master's Degree.
- Four (4) years minimum experience and a Doctorate Degree.
- Ten (10) years minimum experience and an Associate Degree
- Required Security Clearance: TS/SCI with Poly.
Additional Required Tasks:
- Using network data to discover, analyze, and document malicious or unauthorized activity using information called from a variety of SIGINT and computer network defense resources. Then categorize traffic as benign, suspicious, or malicious; and document malicious TTPs. Develop mitigation strategies for govt implementation. Network and host-based analysis.
- The Contractor shall analyze and produce intelligence information:
- Use critical thinking and reasoning to make analytic determinations.
- Critically evaluate and select the appropriate formal methods of analysis.
- Select, build, and develop query strategies against appropriate collection databases.
- Evaluate information for accuracy, quality, completeness, relevancy and timeliness.
- Identify and evaluate assumptions underlying information or data.
- Identify relationships, trends, and patterns in, or draw conclusions from information.
- Merge information gathered from different authorities.
- Monitor open and classified sources for useful information.
- Use knowledge of customer requirements to analyze and process intelligence information.
- Identify and analyze anomalous data (including metadata).
- Conduct, evaluate or participate in research.
- Be aware of intelligence reporting policies and procedures, such as dissemination practices, and legal authorities and restrictions.
- Provide feedback to tool developers.
- The Contractor shall create and maintain documentation of their analysis, tradecraft, research and knowledge.
- The Contractor shall follow oversight and compliance:
- Comply with legal and regulatory policies and procedures required for the selector targeting, collection, processing, retention, and dissemination of information.
- The Contractor shall use NSA/CSS Mission/Policies/Directives:
- Apply NSA/CSS policies and directives.
- The Contractor shall use information security:
- Apply policies, procedures, and requirements for ensuring information security.
- The Contractor shall acquire/share job knowledge/skill:
- Learn and apply new technologies and work processes.
- The Contractor shall train government and other Contractor personnel:
- Provide formal and informal analysis tradecraft training in all forms including on- the-job training, creation of video training artifacts, conducting formal and informal training in physical or virtual classroom settings.
- The Contractor shall work with others:
- Provide customer service.
- Provide timely and accurate responses to requests for assistance, information, products, or services.
- Work with others across analysis disciplines in order to produce the best possible results.
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. The Kenjya-Trusant Group offers competitive compensation, a flexible benefits package, career development opportunities that reflect its commitment to creating a diverse and supportive workplace. Benefits include, not all inclusive – Medical, Vision & Dental Insurance, Paid Time-Off, Company Paid Holidays, 401K, Personal Development & Learning Opportunities.
The proposed salary range for this position is: $135,000.00 - $170,000.00.
Employment Type: Full-time, Exempt.
The Kenjya-Trusant Group, LLC is an Equal Opportunity/Affirmative Action Employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other basis prohibited by applicable law. We strive to create a diverse, inclusive and respectful work culture that values all.
THE KENJYA-TRUSANT GROUP, LLC is a Service-Disabled Veteran-Owned Small Business that was established in 2015 as a merger between The Kenjya Group, Inc. and Trusant Technologies, LLC. Our mission is to implement, support and protect the nation’s advanced technology systems, business processes and high-technology facilities. Working with the Department of Defense, Department of Homeland Security, the Intelligence Community, state and local governments, and commercial clients, Kenjya-Trusant provides cyber protection, information technology, engineering, construction management and acquisition support services. We are a small company with big company benefits, including Health, Dental, Vision, 401K, Bonus Potential, Flexible Spending Account, Life Insurance, Short- and Long-Term Disability, Paid Time Off, and a culture of teamwork and continuous learning. Come grow with us!