Cyber Threat Emulation Analyst (TS/SCI clearance)

Company: Red River Technology LLC
Location: San Antonio
Posted on: August 6, 2022

Job Description:

PositionSummary:Red River is seeking a Residency Services team member to join our team based in San Antonio for our important DOD customer. They will be supporting a mission with multiple other Residents from Red River. Team Red River is seeking a Cyber Threat Analyst for the 33rd Network Warfare Squadron (33 NWS) conducting Air Force Defensive Cyberspace Operations. This contract provides support 24 hours a day/seven days a week/365 days a year spanning cyber defense, network operations and information protection.Primary Position Tasks:The ability of the AFCERT to complete its mission is dependent upon the ability to develop methods to identify, contain, log and analyze security vulnerabilities/holes on Air Force systems. The CTE&A analyst contractor employees may be required to provide 24-hour coverage (shift work) for seven (7) days a week, 365 days a year with zero tolerance for error. Conduct both automated and manual enterprise vulnerability assessments, including conducting regular patch & configuration vulnerability assessments as directed by operational flight leads. Conduct Cyber Threat Emulation operations, and coordinate with security teams to strengthen the overall security posture of the AFNet and AFIN various tools and capabilities. Test for realtime security vulnerabilities, conduct assessments, and assess vulnerability risk and impact. Continuously develop and maintain safe and valid procedures to actively test Enterprise defensive measures. Develop mitigations, policies, and procedures to coordinate with internal teams. Work with incident response team to better design response policies and procedures. Generate threat intelligence indicators during the course of Cyber Threat Emulation operations and provide reports back to ACD operators. Coordinate with internal and external intelligence teams in order to replicate threat actor (TA) Techniques, Tactics, and Procedures (TTPs). Research and evaluate threats and vulnerabilities to assist in prioritization of remediation actions. Utilize knowledge and understanding of the Cyber Threat Framework (ODNI) and production of Threat Emulation findings. Utilize the MITRE ATT&CK framework to perform cyber security operations testing, and develop improvements based upon real adversary behavior. * Formulate, lead and persuade individuals, large teams and communities on ideas, concepts, and opportunities.Leverage research, frameworks, and best practices on the latest exploits and security trends and currency on industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate. Provide information to operational leaderships tasking as required as it relates to CTE actions.Contract support requires 100% IAT Level III CND compliance.Minimum Education/Certification/ExperienceRequirements:Five (5) years of penetration testing experience. Demonstrated advanced knowledge of cyber security operations with master of two or more of the following: attack surface management, Security Operations Center (SOC) operations, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) use, threats (including Advanced Persistent Threat (APT), insider), vulnerabilities, and exploits; incident response, investigations and remediation.Experience with PowerShell, BASH or Python scripting/programming language. Must have a strong understanding of Linux Operating System.Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)Preferred Education/Certification/Experience:College EducationEssential Elements (Mental; Physical; Equipment used):This position is an office position that requires remaining in a stationary position for multiple hours throughout the workday.This position requires the ability to continuously communicate with co-workers throughout the day utilizing Red River approved and/or provided communication tools and equipment.SpecialRequirements:This position will operate from the location specified above. Some travel may be required, not to exceed 25%.Clearance Level:TS/SCIMust be willing to work shift workRed River offers a competitive salary, excellent benefits and an exceptional work environment. You can review our benefit offerings here. If you are ready to join a growing company, please submit your resume and cover letter (optional).EOE M/F/DISABLED/VetRed River is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.Red River does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless Red River has an active agreement in place with the recruiter and such a request has been made by the Red River Talent Acquisition team and such candidate was submitted to the Red River Talent Acquisition Team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to Red River in violation of this policy may be used by Red River without obligation to pay any fees of any kind to the recruiter.SDL2017

Keywords: Red River Technology LLC, San Antonio , Cyber Threat Emulation Analyst (TS/SCI clearance), Professions , San Antonio, Texas