ECS is seeking multiple Cyber Security Analysts (all levels) to work in our San Antonio, TX office. Please Note: This position is contingent upon contract award.
ECS, an award-winning, global security leader, is expanding our team of cyber experts. Entry to advanced positions are available. All positions include career development/progression, paid training and certs, industry-leading benefits, and opportunity to provide critical mission defense to our country.
Level 1 Cyber Analyst: Minimum 1 year experience.
- Operating in a command-line environment
- Basic familiarity with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each
- Familiarity with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors
- Knowledge of protocols at layers 2 and higher in the OSI model, to include ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use the well-known ports
- Experience processing IDS alerts and identifying incidents and events in customer data
- Ability to conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert
- Capability to perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic
- Basic technical writing skills for incident report writing, customer interaction, and process documentation
- Able to accurately transcribe and implement indicators into our environment
- Able to consume policy documentation and determine applicability in a network
Level II Cyber Analyst: Minimum 3 years experience.
- Intermediate command line experience that includes chaining Unix utilities such as sed, awk, and grep together
- Intermediate IDS (Snort, Suricata, Bro/Zeek, etc.) creation and tuning, to include performing impact analysis on customer environments and review and correction of Tier I rules
- Analysis of alert traffic plus surrounding traffic to provide context to inform analysis
- Ability to consume open and closed source and search indicators in customer data, then generate new IDS configurations for future detection
- Basic hunt experience that includes sifting non-alert-based traffic and deriving meaningful results in the absence of corresponding OSINT
- Basic vulnerability awareness and able to determine applicability to customer environments, using data to establish attack attempts and success/failure
- Maintaining current threat awareness
- Ability to analyses complex (multipacket, multi-vector, multi-exploit, large volume) traffic and derive meaningful conclusions
- Self-directed research, development, customization, or other contributions to process improvement
- Continual enrichment of IDS and moderate ability to tune on the fly
- Ability to self-educate with non-comprehensive or incomplete documentation on new concepts, protocols, and data formats
Level III Cyber Analyst: Minimum 6 years experience.
- Expert at operating in a command-line environment, to include chaining utilities, complex commands integration of tcpdump to analyse novel protocols, IP protocols, and protocols outside the scope of IDS operation or detection
- Advanced Snort capabilities, to include identifying flaws in existing rules, customization and optimization, correction of third party rules, review and correction of Tier I and Tier II rules
- Basic scripting and development to fill capabilities gaps
- Generate and maintain technical documentation for retaining institutional knowledge
- Ability to critically read and update technical documentation with regular, periodic reviews to ensure currency
- Periodic and systematic review of indicators and rules to ensure the IDS is up to date and streamlined, with non-relevant indicators being cleared
- Ability to analyse new or novel system logs or network traffic and to make meaningful hypotheses about them, absent corresponding open source information available
- Able to explain complex technical topics in layman's terms to effectively communicate with nontechnical participants
- Operationalize projects such as new tools moved into production, new detection methods shared with the DoD community
- Daily consumption of domestic and international news from multiple sites, awareness of the differing biases / slants in presentation of the sites, able to conduct additional research for historical context into particular international situations in order to drive analysis
- Clearance: TS w/ SCI eligibility is required to start.
- Certifications: Completed DoD 8570 for IAT-I required to start.
- Familiarity and background with the following technologies/tools: Snort, Suricata, Bro/Zeek.
- Experience in one or more computing environments: Windows, Mac, Linux.
- Bachelors Degree Preferred
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.