WE ARE LOOKING FOR A FORENSIC ANALYST
Secure Network Technologies, Inc. is seeking a Forensic Analyst who can tear apart a system and find data such as breach indicators, sensitive files, targeted content and other requested data.
Duties to include:
Demonstrate expert-level knowledge of network traffic and communications, including known ports and services;
Demonstrate knowledge of the Windows operating system, various Linux distributions and the Unix framework;
Demonstrate knowledge of the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise-level appliances;
Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based;
Demonstrate understanding of DoD accreditation policies, processes, and practices;
Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition;
Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings;
Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term, and report the findings in quarterly and yearly trend analysis reports;
Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture;
Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques;
Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]);
Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage);
Demonstrate expert ability to analyze file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]);
Performs forensic analysis of digital information and gathers and handles evidence
Identifies network computer intrusion evidence and perpetrators
Investigates computer fraud or other electronic crimes, cracks files and system passwords, detects steganography and recovers deleted, fragmented and corrupted data from digital media of all types
Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports
Desired Certificates (two or more)
· Security+ CE
· CCNP Security
Bachelor's Degree in IT field (OR 4+ years of experience in Incident Response in lieu of a degree)
6+ years of Incident and Malware analysis experience
Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis
Knowledge/Understanding of the Diamond Model Concept
Situational Awareness of how to perform report research on U (OSINT)/S/TS
Basic networking and PCAP deciphering capabilities
Excellent verbal and written communication skills
Industry training and knowledge of NIST standards
Job Type: Full-time
Bachelor's Degree Required
WE ARE LOOKING FOR A PENETRATION TESTER
Secure Network Technologies, Inc. is seeking a Penetration Tester who can plan, communicate, coordinate and conduct penetration tests and security assessments for applications, systems and enterprise networks.
Responsibilities will include:
Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level.
Develop Rules of Engagement, scoping documents and reports.
Perform manual penetration tests and validation of vulnerability scan results.
Develops automation/scripts for replicating vulnerability validation and penetration tests.
Devises plans and scenarios for various types of penetration tests.
Documents vulnerabilities, relevant exploits, and remediations in final vulnerability assessment report.
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.
Selects, installs, and configures security testing platforms and tools, or develops tools and procedures for penetration tests.
Performs penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.).
Performs off-hours work as necessary.
3-5 years of penetration testing experience is required
Experience with web and mobile applications, databases, operating systems
Experience in penetration testing large and complex enterprise networks
Experience using penetration testing frameworks such as OWASP or the MITRE ATT&CK framework.
Experience with FISMA / PCI-DSS compliance, ISO 27000 / NIST SP 800 Frameworks
4+ years of network or system security
3+ years of penetration test experience
Excellent communication and interpersonal skills
Hands-on OS configuration/administration experience
Programming experience with focus on penetration testing or process automation
Experience with the following technologies: Kali Linux, Metasploit and Nmap
Experience with regulatory compliance, policy development, and policy enforcement
Experience with cyber security development projects and programs for U.S. Government and/or commercial clients
Experience with process development and deployment
Experience with the following technologies: Nessus, Tenable Security Center, HP Fortify, IBM AppScan, Web Inspect
Experience with three or more of the following: Security COTS integration, Operating System Hardening, Vulnerability Assessment testing, Identification and Authentication schemes, Public Key Infrastructure and Identity Management, Cross Domain Solutions, Reverse Engineering
OSCP/OSCE/OSWE, GPEN, GWAPT, CISSP, CEH
Required Education: BA/BS in computer science, information security, or a related field or equivalent experience.
WE ARE LOOKING FOR AN OPEN SOURCE INTELLIGENCE ANALYST
Secure Network Technologies is seeking an experienced, motivated OSINT Analyst to join our staff. The OSINT Analyst will work closely with the customer and be responsible for providing OSINT related intelligence collection and reporting on said collections. The successful candidate must be well-versed in social media information gathering, OSINT tools/techniques, able to work in a team environment and communicate with customers.
Gather, extract, and disseminate open source intelligence (OSINT) on in scope individuals/entities
Develop and generate customer facing reports
Deliver/review reports with clients
Assist penetration testing team with OSINT related discovery and collection
1+ years of OSINT related collection experience
1+ years of technical writing experience
Ability to present findings to customers
Experience with OSINT tools including, but not limited to: