WE ARE LOOKING FOR A FORENSIC ANALYST

Secure Network Technologies, Inc. is seeking a Forensic Analyst who can tear apart a system and find data such as breach indicators, sensitive files, targeted content and other requested data.

Duties to include:

  • Demonstrate expert-level knowledge of network traffic and communications, including known ports and services;

  • Demonstrate knowledge of the Windows operating system, various Linux distributions, and the Unix framework;

  • Demonstrate knowledge of the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, Network Packet Analyzers, malware analysis, forensic tools, and enterprise-level appliances;

  • Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based;

  • Demonstrate understanding of DoD accreditation policies, processes, and practices;

  • Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition;

  • Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings;

  • Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports;

  • Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture;

  • Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques;

  • Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]);

  • Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage);

  • Demonstrate expert ability to analyze file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT])

  • Performs forensic analysis of digital information and gathers and handles evidence

  • Identifies network computer intrusion evidence and perpetrators

  • Investigates computer fraud or other electronic crimes, cracks files and system passwords, detects steganography, and recovers deleted, fragmented and corrupted data from digital media of all types

  • Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports

Desired Certificates (two or more)

·       CFCE

·       CHFI

·       GCFA

·       GCFE

·       ACE

·       Security+ CE

·       CCNP Security

·       CySA+

·       GICAP

·       GSEC

·       SSCP

·       GICSP

·       CFR

Required Skills:

  • Bachelor's Degree in IT field (OR 4+ years of experience in Incident Response in lieu of a degree)

  • 6+ years of Incident and Malware analysis experience

  • Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis

Preferred Skills:

  • Knowledge/Understanding of the Diamond Model Concept

  • Situational Awareness of how to perform report research on U (OSINT)/S/TS

  • Basic networking and PCAP deciphering capabilities

  • Excellent verbal and written communication skills

  • Industry training and knowledge of NIST standards

Job Type: Full-time

Education:

  • Bachelor's Degree Required


WE ARE LOOKING FOR A PENETRATION TESTER

Secure Network Technologies, Inc. is seeking a Penetration Tester who can plan, communicate, coordinate and conduct penetration tests and security assessments for applications, systems and enterprise networks.

  • Plan, communicate, coordinate and perform penetration testing, application testing, and security assessments at application, system and enterprise level.

  • Develop Rules of Engagement, scoping documents and reports.

  • Perform manual penetration tests and validation of vulnerability scan results.

  • Develops automation/scripts for replicating vulnerability validation and penetration tests.

  • Devises plans and scenarios for various types of penetration tests.

  • Documents vulnerabilities, relevant exploits, and remediations in final vulnerability assessment report.

  • Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.

  • Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, etc. to ensure useful, measurable, and repeatable methods applied to quantifying risk.

  • Selects, installs, and configures security testing platforms and tools, or develops tools and procedures for penetration tests.

  • Performs penetration testing using standard penetration tools (Metasploit, Nmap, Nessus, Burp Suite, etc.).

  • Performs off-hours work as necessary.

Required Skills:

  • 3-5 years of penetration testing experience is required

  • 4+ years of network or system security

  • Experience with web and mobile applications, databases, operating systems

  • Experience using penetration testing frameworks such as OWASP or the MITRE ATT&CK Framework.

  • Experience with FISMA / PCI-DSS compliance, ISO 27000 / NIST SP 800 Frameworks

  • Excellent communication and interpersonal skills

  • Hands-on OS configuration/administration experience

  • Programming experience with focus on penetration testing or process automation

  • Experience with the following technologies: Kali Linux, Metasploit and Nmap

Desired Skills:

  • Experience with regulatory compliance, policy development, and policy enforcement

  • Experience with cyber security development projects and programs for U.S. Government and/or commercial clients

  • Experience with process development and deployment

  • Experience with the following technologies: Nessus, Tenable Security Center, HP Fortify, IBM AppScan, Web Inspect

  • Experience with three or more of the following: Security COTS integration, Operating System Hardening, Vulnerability Assessment testing, Identification and Authentication schemes, Public Key Infrastructure and Identity Management, Cross Domain Solutions, Reverse Engineering

Desired Certifications:

OSCP/OSCE/OSWE, GPEN, GWAPT, CISSP, CEH

Required Education: BA/BS in computer science, information security, or a related field or equivalent experience.


WE ARE LOOKING FOR AN OPEN SOURCE INTELLIGENCE ANALYST

Secure Network Technologies is seeking an experienced, motivated OSINT Analyst to join our staff. The OSINT Analyst will work closely with the customer and be responsible for OSINT-related intelligence collection and for reporting on those collections. The successful candidate must be well-versed in social media information gathering and OSINT tools/techniques, and able to work in a team environment and communicate with customers.

Responsibilities:

  • Gather, extract, and disseminate open source intelligence (OSINT) on in-scope individuals/entities

  • Develop and generate customer-facing reports

  • Deliver/review reports with clients

  • Assist the penetration testing team with OSINT-related discovery and collection

Qualifications

  • 1+ years of OSINT-related collection experience

  • 1+ years of technical writing experience

  • Ability to present findings to customers

  • Experience with OSINT tools including, but not limited to:

    • Maltego

    • Recon-ng

    • Kali Linux

    • Pipl

    • Spokeo

    • Intelius

    • Whitepages