Job Description
WHO WE ARE: STAHL Companies provides the Program Management for its Channel of Commercial Technology companies in Government, which consists of Small Businesses and New Technology start-ups. STAHL advocates for policies that can improve government services and maintain our government's competitive advantage by bringing more technology into government programs. STAHL Companies advocates on behalf of our nation's innovative new-technology and small businesses looking to work with the U.S. government. We do this by aligning the voice of our small business members with advocacy for change in federal policy that will make the government market more accessible to small businesses and the commercial technology ecosystem.
The Channel's founding Technical Board Members include former government leaders and IT executives passionate about bringing best-of-breed technology to the government.
Job Description: Under general direction, leads and participates in the evaluation and analysis of complex malicious code through the use of tools including disassemblers, debuggers, hex editors, unpackers, virtual machines, and network sniffers. Responsible for providing findings in a technical report with details of the malware, identification parameters, advanced capabilities, and mitigation strategies.
Conducts research in the area of malicious software, vulnerabilities, and exploitation tactics. Requires experience with application security, network security, reverse engineering, or malware. Requires strong knowledge of worms, viruses, Trojans, rootkits, botnets, Windows internals, and the Win32 API. Extensive experience is required in programming (assembly and web) and system analysis with various tools, including IDA Pro, OllyDbg, PCAP tools, or tcpdump. Professional certification within a Computer Network Defense (CND) discipline at Technical Level III, as defined by DoDI 8570, is a requirement.
We are seeking a skilled and experienced Cyber Operations Malware Analyst – Senior! Successful Stahl Companies employees possess the following traits: An ability to get things done: You are persistent, resourceful, results-oriented, and action-oriented. You constantly plan ahead and foresee issues before they occur. Analytical: In order to improve your comprehension of the market and the demands and problems of your clients, you have good analytical abilities and are at ease reading quantitative data.
Creative mind-set: You are able to solve problems creatively and swiftly adjust. You possess a thorough understanding of product management principles and the ability to apply them when analysing data and making recommendations. Emotional Intelligence: You have a strong sense of self and excellent perception of how important relationships function. You are upbeat, sympathetic, adaptable, and inquisitive. Your genuineness, warmth, and competence help you win the respect of your co-workers. Trustworthy: You have a strong sense of morality, principles, and purpose.
You are trustworthy because of how you conduct yourself. You are a living example of the company's values.
Responsibilities:
• Monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP); responsible for directing and coordinating detection and response activities performed by each Component SOC
• Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication
• Duties include maintaining a fly-away kit, performing dead-box forensics, and dynamic malware analysis
• Will support investigating computer and information security incidents to determine the extent of compromise to information and automated information systems
• Will provide network forensic and intrusion detection support to high-technology investigations in the form of research, and will maintain proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption
• The Analyst should have experience in monitoring and detection, and in incident response to support detection, containment, and eradication of malicious activities targeting customer networks
• The analysts participate in briefings to provide expert guidance on new threats and will act as an escalation point for M&A analysts
• The analyst may also be required to author reports and/or interface with customers for ad-hoc requests
• Flexible start times are considered
• Participates in rotating on-call schedule
• Help define requirements and identify gaps for performing remote compromise assessments
• Perform as a senior analyst and liaison between the customer and ESOC while performing remote assessments
• Conduct malware analysis using static and dynamic methodologies (e.g. debuggers [OllyDbg], disassemblers [IDA Pro], sandbox execution, etc.)
• Produce malware reports to disseminate to the watch floor and enterprise
• Capture forensic artifacts such as memory and disk images
• Pivot on the forensic data, working with the Cyber Threat Intelligence team, to determine whether the malware is part of a larger campaign and how DHS is being targeted, and take any further remediation required
• Lead remote compromise assessments and produce the final assessment report
• Perform live-box and dead-box forensics to identify compromise and attack vector
• Provide input for SOC improvement and identify visibility gaps for enterprise monitoring
• Deploy and configure network sensors (Suricata), manage Linux VMs (Security Onion, Ubuntu, CentOS), and maintain a small network
• Potentially travel to other DHS locations (1-3 times/year) to support Incident Response investigations
• Develop and maintain SOPs and ROE templates
• Develop and implement hunt methodologies for fly-away assessments and for the SOC
Qualifications:
• Requires a minimum of a Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field PLUS eight (8) years of professional experience in incident detection and response, malware analysis, or cyber forensics
• Of the eight (8) years of professional experience required above, Cyber Forensics and Malware Analyst candidates shall have at least one (1) of the following specialized experiences for their position:
• Digital Media Forensics Analyst: Candidates shall have a minimum of five (5) years of professional experience performing digital media forensic analysis, static malware code disassembly/analysis, and/or runtime malware code analysis
• Incident Response Analyst: Candidates shall have a minimum of five (5) years of professional experience responding to information system security incidents
• Ability to use the DHS-furnished toolset to identify and determine root causes of incidents and provide any required documentation and possible evidence to security investigators
• Must have TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program
• SANS GIAC: GCFA, GCFE, GREM, GXPN, GISF, GCTI, GOSI, or GCIH; ISC2: CCFP, CISSP
• Experience in supporting malware analysis and forensics in cyber operations and/or federal law enforcement
• Expert knowledge in host-based analysis/forensics
• Proficient in performing timeline analysis and extracting artifacts from digital media
• Experienced in reverse engineering and analyzing malware and developing a malware analysis report
• Proficient in one or more of the following computer languages: Python, Bash, Visual Basic, or PowerShell, in order to support cyber threat detection or reporting
• Extensive knowledge of network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.)
• Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc.)
• Proficient working in Windows and Linux operating systems
• Position is contingent upon award