Cyber Operations Center - Intern


This position is for an intern working within the IronNet Cyber Operations Center (CyOC) conducting computer network defense operations and implementing security controls on behalf of large organizations with expansive and complex network topologies. Once integrated into operations, the position requires the ability to detect and analyze anomalies within the company infrastructure, integrate engineered solutions, implement security controls and collaborate on IT requirements across multiple divisions within the company. Applicants should have an understanding of general cybersecurity and of incident response frameworks that are used both nationally and internationally. Shift work may be required. Travel required: 25%

Duties:

  • Conduct data mining and research operations amongst a variety of toolsets in order to perform network security operations that deliver ideas about anomalous network activity and potential adversary Tactics, Techniques and Procedures (TTPs).
  • Analyze the memory of systems to look for Indicators of Compromise (IOCs) of running processes, handles, files, keywords, network communications, privileged user account misuse, and other items.
  • Conduct analytical assessments and use corresponding products to produce reports, or visualization tools to answer requests for information or daily operations center use.
  • Collaborate with other network analysts and threat intelligence analysts to achieve network security and incident response objectives.
  • Determine deviations in the network configuration and rapidly identify and develop countermeasures within security designs (for example, enterprise architecture, firewalls, VPN, and security technologies).
  • Regularly assess network security controls and devise strategies for implementing the IronNet Network Security program throughout the enterprise.
  • Manage enterprise security technologies (e.g., firewalls, endpoint solutions, etc.).
  • Collaborate with an operationalized mitigations team by making recommendations for network hardening, mapping, configuration, and other diagnostic considerations.
  • Identify and enhance network performance measures and availability.

Focus of position:
Initial responsibilities will revolve around using, testing, and making recommendations for the development of a world-class hunting platform as a subcomponent of a larger framework. Operations and training responsibility will include developing monitoring, hunting and training workflows or solutions for commercial clients. A longer-term opportunity will include responsibility for computer network defense operations within an operation center environment.

Qualities:

  • Knowledge of Windows and other OS internals and popular file systems
  • Linux/UNIX system administration, along with network (router and switch), Web server, firewall, or DNS administration
  • Demonstrate knowledge/experience with Host or Network IDS/IPS, NetFlow, and protocol collection and analysis tools
  • Knowledge of vulnerability assessment and penetration testing tools
  • Knowledge of entire TCP/IP or OSI network protocol stack, including major protocols such as IP, Internet Control Message Protocol (ICMP), TCP, User Datagram Protocol (UDP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and SSH
  • Familiarity with malware analysis tools and frameworks

Highly desirable degree plans:

  • Computer Engineering
  • Cyber Security
  • Software Engineering

Highly desirable qualifications:

  • CompTIA Security+
  • CompTIA Network+
  • Certified Ethical Hacker (CEH)
  • Military or formal vocational technical training in computer network
  • Degree in computer science/engineering, Cybersecurity or related field
  • Cisco Certified Network Administrator/Professional (CCNA/CCNP)
  • Certified Information System Security Professional (CISSP)
  • Certified Computer Examiner (CCE)
  • Computer Security Incident Handler (CSIH)
  • Linux Professional Institute Certification 1 (LPIC-1)
  • Microsoft Certifications (MCSE, MCITP)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Reverse Engineering Malware (GREM)