Each Cyber Engineer level may have additional education, skill and/or experience requirements.
The Cyber Engineer designs, develops, documents, analyzes, tests, integrates, debugs, conducts research and/or discovers and analyzes security flaws or vulnerabilities in software, networks, systems, applications and/or provides mitigation strategies.
· Analyze output from various security devices and malware and incident reports to improve detection of and to minimize future incidents.
· Assess and analyze system security to identify and mitigate risks and vulnerabilities.
· Recommend countermeasures to mitigate risks and vulnerabilities.
· Prepare documentation, including incident reports, security recommendations, etc.
· Experience in intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis.
· Experience with standard security principles, policies, standards and industry best practices.
· Experience with software development
· Understanding of Windows and UNIX operating systems
· Understanding of security technologies and concepts, experience in design and implementation of secure network solutions including DMZs and web portals
· Knowledge of Information Assurance and Information Operations technologies and development activities.
· Understanding of the processes and guidelines for Certifying & Accrediting (DCID, ICD, NIST 800-53, SANS 20) information systems based upon experience on a large-scale development program.
· Practical experience hardening IT systems in compliance with STE/STIG guidelines
· Possess or quickly develop a comprehensive understanding of Government Information Security policies, regulations, and guidelines.
· Experience and knowledge of networking (TCP/IP, topology, sockets and security), operating systems (Windows/UNIX/Linux), and web technologies (Internet security)
· Active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance required.
· U.S. Citizenship required.
· Experience with Security Event Incident Management, Log Correlation and Network Behavior Anomaly detection systems (ArcSight, QRadar, Splunk, Mazu, Arbor, etc.)
· Experience and/or familiarity with one or more of the following: Java, Swing, Hibernate, Struts, JUnit, Perl, Ruby, Python, HTML, C, C++, .NET, ColdFusion, Adobe, Assembly language, etc.
· Demonstrated experience and/or familiarity with VMware and virtual machines.
· Ability to write custom tools and modify existing intrusion detection tools.
· Experience with Agile development methodology.
· Experience with automated testing tools (e.g., RSpec, Cucumber, etc.)
· Experience with one or more of the following:
o Security COTS integration
o Security Incident Event Management
o Insider Threat Monitoring
o Operating System Hardening
o Vulnerability Assessment testing
o Identification and Authentication schemes
o Public Key Infrastructure and Identity Management
o Cross Domain Solutions
o Computer Network Exploitation (CNE)
o Computer Network Operations (CNO)
o Malware Analysis
o Reverse Software Engineering
o Security engineering
· DODI 8570.1-M Compliance at IAT Level I certification required.
· No demonstrated experience required.
· Bachelor’s degree in Cyber Security, Information Security, Software Engineering or a related discipline is required. [Four (4) years of experience may be substituted for a degree.]
· Two (2) or more years of cyber security experience required. [A Master’s degree in a related discipline may substitute for two (2) years of experience]
· Bachelor’s degree in Cyber Security, Information Security, Software Engineering or a related discipline is required. [Four (4) years of experience (for a total of six (6) or more years) may be substituted for a degree.]
· Develop mitigation strategies, including influencing accessible assets and data flows (e.g. block behaviors, quarantine hosts and enclave, block and modify traffic).
· Test and provision countermeasures
· Mitigate attacks and threats by assessing the impact of countermeasures and response effects.
· Monitor and diagnose potential residual effects.