Vencore is a proven provider of information solutions, engineering and analytics for the U.S. Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high-impact, mission-critical services and solutions to overcome its customers' most complex problems.
Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.
Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled
Standard Job Description:
Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks. Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution. Employs advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis. Supports internal HR/Legal/Ethics investigations as forensic subject matter expert. Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks. Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities. Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques. Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats. Develops analytical products fusing enterprise and all-source intelligence. May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols. Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.
Specific Job Description:
Conduct Packet Capture (PCAP) analysis, to include log correlation and network traffic analysis in support of investigations and operations. Utilize understanding of network architectures, common protocols and their uses, and how they apply to various network topologies. Use open source and commercial tools to process large PCAP data sets and correlate findings between system and network artifacts. Identify anomalous network activity and provide detailed documentation of findings, analysis and hypotheses.
Expertise in using Python to sort, de-duplicate and manipulate PCAP files.
Must have working knowledge of relational databases to create schemas and leverage relational databases in PCAP processing.
Proficiency in: developing and customizing Splunk using its XML templates for advanced configuration and macros; creating customized Splunk queries using Splunk query language; and building Splunk dashboards with search forms, views, packaging and distribution.
Requires 10 to 12 years with BS/BA or 8 to 10 years with MS/MA or 5 to 7 years with PhD.
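The two PCAP requirements above (using Python to sort and de-duplicate PCAP files, and designing a relational schema to drive PCAP processing) are illustrated by the following added example. It is not part of the job posting and not Vencore tooling; it is a stand-alone script written for this page. It parses the classic libpcap file format with the standard library only (no scapy), de-duplicates frames by SHA-256 of the frame bytes so that the same packet captured by two taps at slightly different timestamps is stored once, and loads the result into a SQLite schema whose UNIQUE constraint enforces the de-duplication. The sample capture is constructed inline from hand-built Ethernet/IPv4/UDP frames (checksums left at zero); all names and the schema are this example's own assumptions.

```python
import hashlib
import sqlite3
import struct
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame for the sample capture (checksums zeroed)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + udp


def build_pcap(records) -> bytes:
    """Serialize (ts_sec, ts_usec, frame) tuples as a little-endian pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_pcap(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame) for each record; handles both byte orders and a truncated tail."""
    (magic,) = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl]
        if len(frame) < incl:
            break               # truncated final record: stop rather than misparse
        off += incl
        yield sec + usec / 1e6, frame


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    proto: int
    sport: Optional[int]
    dport: Optional[int]
    length: int
    sha256: str


def decode(ts: float, frame: bytes) -> Optional[Packet]:
    """Pull the IPv4 5-tuple out of an Ethernet frame; non-IPv4 frames are skipped."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:     # TCP or UDP ports
        sport, dport = struct.unpack_from("!HH", frame, l4)
    # Dedup key: the frame bytes only. The timestamp is deliberately excluded so the
    # same packet seen on two sensors collapses to one row.
    return Packet(ts, src, dst, proto, sport, dport, len(frame),
                  hashlib.sha256(frame).hexdigest())


SCHEMA = """
CREATE TABLE IF NOT EXISTS packets (
    id      INTEGER PRIMARY KEY,
    ts      REAL    NOT NULL,
    src     TEXT    NOT NULL,
    dst     TEXT    NOT NULL,
    proto   INTEGER NOT NULL,
    sport   INTEGER,
    dport   INTEGER,
    length  INTEGER NOT NULL,
    sha256  TEXT    NOT NULL UNIQUE
);
CREATE INDEX IF NOT EXISTS idx_packets_ts ON packets(ts);
"""


def load_pcap(data: bytes, conn: sqlite3.Connection) -> Tuple[int, int]:
    """Sort records by timestamp, insert them, and return (decoded, unique) counts."""
    conn.executescript(SCHEMA)
    decoded = inserted = 0
    for ts, frame in sorted(iter_pcap(data), key=lambda r: r[0]):
        pkt = decode(ts, frame)
        if pkt is None:
            continue
        decoded += 1
        cur = conn.execute(
            "INSERT OR IGNORE INTO packets (ts, src, dst, proto, sport, dport, length, sha256)"
            " VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (pkt.ts, pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport, pkt.length, pkt.sha256))
        inserted += cur.rowcount          # 0 when the UNIQUE constraint drops a duplicate
    conn.commit()
    return decoded, inserted


def top_talkers(conn: sqlite3.Connection, n: int = 5):
    """Example correlation query over the loaded data: busiest (src, dst, dport) triples."""
    return conn.execute(
        "SELECT src, dst, dport, COUNT(*) AS c FROM packets "
        "GROUP BY src, dst, dport ORDER BY c DESC, src LIMIT ?", (n,)).fetchall()


# Constructed sample capture: the first query frame appears twice (two taps, 500 us apart),
# and records are written out of time order on purpose.
_QUERY_A = build_frame("10.0.0.5", "192.0.2.10", 40000, 53, b"dns-query")
_QUERY_B = build_frame("10.0.0.5", "192.0.2.10", 40001, 53, b"dns-query")
_REPLY_A = build_frame("192.0.2.10", "10.0.0.5", 53, 40000, b"dns-reply")
SAMPLE_PCAP = build_pcap([
    (1700000001, 0, _QUERY_A),
    (1700000001, 500, _QUERY_A),
    (1700000002, 0, _QUERY_B),
    (1700000001, 250, _REPLY_A),
])


def demo():
    conn = sqlite3.connect(":memory:")
    decoded, unique = load_pcap(SAMPLE_PCAP, conn)
    return decoded, unique, top_talkers(conn)


if __name__ == "__main__":
    print(demo())   # (4, 3, [('10.0.0.5', '192.0.2.10', 53, 2), ('192.0.2.10', '10.0.0.5', 40000, 1)])
```

Hashing the whole frame is the simplest de-duplication key and is right for collapsing multi-tap duplicates; it will not collapse a retransmission (IP ID or TCP sequence numbers differ) and it will treat the same packet as distinct if two sensors sit on different L2 segments, since the MAC addresses change. A production pipeline usually hashes from the IP header onward, or the 5-tuple plus payload, and keeps the first-seen timestamp, which is why the loader sorts by timestamp before inserting. Against real captures, replace SAMPLE_PCAP with the file contents and point the connection at an on-disk database so the sha256 index can serve cross-capture correlation.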