The Level 2 Malware Analyst shall possess the following capabilities:
- Conduct both dynamic and static analysis of suspicious code in order to establish malicious capability and determine potential impact.
- Experience with host and network monitoring for analysis of malware execution and propagation methodologies.
- Perform analysis on captured data, such as audit, log, network traffic, et cetera, to identify any intrusion-related artifacts.
- Understanding of operating system-specific exploitation vectors.
- Analyze malicious code by employing tools, scripting languages, and leveraging virtual machines/environments.
- Support 24/7 monitoring of malware threats to NSA networks, hosts, mission platforms, and boundaries.
- Generate documentation of vulnerabilities and exploits used by malware in written reports.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Generate technical summary of findings in accordance with established reporting procedures.
- Develop and recommend mitigation strategies.
- Develop signatures, techniques, and rules to identify malware vectors.
- Collaborate with internal and external organizations to discover new threats, develop mitigation techniques, processes, and tools which further the CSSP mission, as directed by the customer.
- Evaluate emerging threats.
- Correlate data from multiple sources to identify probable threat actors.
An Active Clearance w/ FS Poly is REQUIRED
- Five (5) years of demonstrated experience in cybersecurity
- Three (3) years of demonstrated experience with malware analysis
- Two (2) years of demonstrated experience with tools such as GHIDRA, SYSInternals, FireEye AX, or similar technologies.
- One (1) year of demonstrated experience with development of code in languages such as Python, Lua, C/C++, Ruby, or similar.
- Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirement can be fulfilled with either a Microsoft OS or a CentOS/Red Hat OS CE certification.
- Requires Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA) certificate or Certified Reverse Engineering Malware (GREM) certificate.
- Requires successful completion of the Splunk software training course "Fundamentals 1".