Cyber Security Analyst
- Job Type: Permanent
Leidos is a global science and technology solutions leader working to solve the world's toughest challenges in government, defence, intelligence, border protection and health markets. The company's 32,000 diverse and talented staff support the vital missions of our customers.
Leidos has an immediate opening for a Cyber Security Analyst to join our Cybersecurity Intelligence & Response Team (part of Enterprise Technology Services) in Canberra, ACT.
In this role, you will be focused on defending Leidos' global networks through threat hunting, and tactical analysis of ongoing attacks by criminal and nation state actors. You will perform data analysis, incident response, investigative analysis, and research on existing and emerging cyber threats, particularly those directed against Leidos' global networks. You will be expected to "think like an adversary" and engage in threat hunting operations leveraging your understanding of the tactics, techniques and procedures employed by advanced threats combined with intelligence from multiple sources.
In a typical day you might:
- Analyze network and host activity associated with both successful and unsuccessful intrusions by advanced attackers using digital forensics and search queries of centralised logs.
- Perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output.
- Leverage understanding of tactics, techniques and procedures associated with advanced threats to create and add custom signatures that mitigate highly dynamic threats to the enterprise.
- Assist enterprise incident response efforts, helping to drive incidents to resolution.
- Proactively research emerging cyber threats. Apply analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
- Participate in threat hunt operations using known adversary tactics, techniques and procedures, as well as indicators of attack, in order to detect advanced threats to the enterprise.
- Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.
- Stay abreast of world-wide events that are indicators of developing trends for situational awareness.
- Assist in data spills and insider threat investigations.
- Review Cyber Security documentation as required.
- Some on-call/weekend work may be required.
- Documentation creation as required.
About you and what you'll bring
- Experience performing analysis and correlation of log data from multiple sources including PCAP and forensic artifacts.
- Strong understanding of Operating Systems and Network Protocols.
- Experience with Splunk (preferred) or other SIEM-type platform.
- Ability to create, modify, and implement signatures to detect threats.
- Understanding or working experience of the Incident Response process as detailed in the NIST special publication 800-61.
- Proficiency with Microsoft Windows administrative tools, and the Unix/Linux command line.
- Understanding of Security Orchestration Automation and Response platforms such as Demisto in a SOC environment.
- Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
- Experience with common languages (like Perl and Python) to parse logs, automate processes, and integrate systems.
- Knowledge of Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) tools and techniques.
- An understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
- Understanding and application of threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards and metrics driven reports.
You ideally hold a baseline clearance and are eligible to obtain an NV1 clearance. Australian citizenship is a requirement for clearance purposes.
For more information, visit www.Leidos.com