Vencore is a proven provider of information solutions, engineering and analytics for the U.S. Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers' most complex problems. Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do. Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled
Network Defense Engineer to support Missile Defense Agency Tier 2 Cybersecurity Service Provider within the MDA Computer Emergency Response Team (CERT) on the JRDC program in Huntsville, Alabama.
This position requires a Lead Network Defense Engineer to conduct intrusion detection and incident response on customer networks and maintain situational awareness of enterprise-wide network security.
1) Analyze event logs from network security devices (e.g., network and host-based security systems, firewalls, routers, switches, etc.) and mission critical servers for indicators of compromise and known attack patterns.
2) Develop and disseminate computer network defense (CND) alert and notification messages to warn customers of threats and provide guidance for countermeasures to defend against identified threats.
3) Review data originating from or reflecting status of ongoing intrusions or cyber security incidents and document the findings according to established procedures.
4) Analyze vulnerabilities against known exploits that do not have vendor-provided mitigation or remediation action in the enterprise cyber-threat environment and disseminate guidance to improve network defensive posture.
5) Respond to cybersecurity incidents, including reporting all pertinent details utilizing internal and external data management systems.
6) Conduct digital forensic analysis and collect potential evidence by analyzing the content of compromised systems. Document relevant findings and/or identify the tactics, techniques, and procedures used by an attacker, and preserve the forensic chain of custody for evidence when required.
7) Support the development, establishment, review and update of CND procedures, processes, manuals, and other (CERT) documents.
Requires 16+ years with BS/BA or 14+ years with MS/MA or 10+ years with Ph.D.
Master’s degree in Information Technology, Cybersecurity, or other STEM discipline. Additional work experience may be considered in place of Master’s degree
• 5 years’ experience as a network defender or functional area
• 15 years of total experience in related IT field, i.e., servers, routers, firewalls
• Must have a current DoD 8570.01-M IAT Level III certification with Continuing Education (CE)
• Must be able to obtain a DoD 8570.01-M CNDSP Analyst or Incident Responder certification within 6 months of hire
• Candidate must have an active DoD Secret security clearance to start; must have or be able to obtain and maintain DoD Top Secret clearance with SCI eligibility
• Experience with security analysis and solutions in a WAN/LAN environment
• Must have excellent technical writing skills to accomplish required forensic and incident reporting
• Must be willing to work in an operational environment, which may require extended hours with no notice on evenings, nights, holidays, and weekends
• Must be willing to travel - infrequent and less than two weeks
• Must be willing to provide training to other analysts
• Experience with CERT/CSSP, network, and system security policies and procedures
• Experience with correlating security events across a WAN using SIEM tools, ArcSight preferred
• Experience with other CND tools/applications, such as Network Security Manager, Bluecoat, Barracuda
• Current DoD Top Secret clearance
• GCIA, GCIH, or GCFA certified preferred
Location(s): Redstone Arsenal