Careers

Cybersalus, LLC is always seeking qualified professionals to join our expanding team. If you have experience in cyber security and would like to apply for an available position, we’d like to hear from you. Our employees receive a highly competitive benefits and compensation package, which includes 401K contributions, full healthcare coverage, including dental and vision, a robust PTO (paid time off) program, and education benefits.

Join our team, and experience a collaborative work environment where your unique skills will be valued. To confidentially submit your resume, click here.

Positions available:

Staff Information Systems Security Engineer
Lead Information Security Systems Engineer
Senior Information Security Systems Engineer
Lead Program Manager
Cyber Analyst
Cyber Engineer
Subject Matter Expert (cyber)

 

CYBERSALUS is currently seeking a Staff Information Systems Security Engineer

Security Clearance: Must be able to get and hold a TS-SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, Responsible for analyzing and/or administering security controls for information systems. Safeguards the network against unauthorized infiltration, modification, destruction or disclosure. Researches, evaluates, tests, recommends, communicates and implements new security software or devices. Implements, enforces, communicates and develops security policies or plans for data, software applications, hardware, and telecommunications. Manages firewalls and intrusion detection systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Knowledge: Applies advanced principles, theories, and concepts.
Contributes to the development of new principles and concepts.
Problem Complexity: Works on unusually complex problems and provides solutions which are highly innovative and ingenious.
Responsibility/Accountability: Work under consultative direction toward predetermined long-range goals. Self-initiated. Work is checked through consultation and agreement with others rather than by formal review of supervisor.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience.
Experience: 14 years with B.S., 12 years with M.S.

Additional detail:
Advanced Security Analytics Support
The contractor shall accomplish the Advanced Persistent Threat (APT) activities using cyber and security threat intelligence to defend against malicious actors, and shall (with government approval) take actionable measures to protect FBI Information Systems.
APT prevention, integration and assurance efforts shall include, but not be limited to:
• Analysis (security event logs, malware, intelligence reports, forensics, media analysis)
• Reporting and sharing threat information (internal and external)
• Threat operations (identify, prevent, detect, contain, deter and resolve threat activity)
• Tracking of threat operations in the ESOC's link-analysis tool
• Research (open and closed)
• Recommendations for security risk management
The APT team shall handle correlated and escalated reporting obtained from the IA Operations function of the ESOC, Security Information and Event Management (SIEM) services, Intelligence Community (IC) and private industry reporting, and other internal processes to incorporate into incident response tickets or technical analysis reports. APT shall assist with incident response by analyzing alerts or reports referred for further data collection and analysis. Reviewing to determine the most effective course of action (e.g. quarantine resource, image resource, change state of resource, modify operation of service, collect data, advise security officers, refer to external entities).
The contractor shall use the Enterprise Security Operations Center (ESOC) link analysis tool to identify and characterize connections between disparate data sets and enhance visibility across varied threats (e.g. cyber and counterintelligence) to support ESOC operations. The APT team shall use the link analysis product to track external threats against FBI networks, perform trend analysis, and build threat profiles. The focus of the analytical effort shall be the characterization of the actors (e.g. state-sponsored, organization or enterprise affiliated, individual), tactics, and techniques used to attempt to compromise the security of FBI information. The APT team shall work with the ESOC's FFRDC team to manage and maintain the ESOC's Master Watch List (MWL) via the link analysis tool, which is also used by monitoring and analytical staff. The APT team and the FFRDC shall both be fully responsible for ensuring that the MWL is maintained and current.

The contractor staff conducting threat analysis and integration efforts shall attend meetings conducted by the Department of Defense, IC, and Other Government Agencies as needed. In preparing for, attending, and documenting notes from meetings, staff conducting threat analysis and integration efforts shall conduct liaison activities and assist with coordination of efforts with other organizations, and shall provide the critical contacts and information to ESOC.
APT Analysis efforts shall include but not be limited to:
• Providing, tracking and documenting threat attribution to incident response and intelligence reporting activities
• Conducting research to maintain awareness of exploits that may affect the FBI networks, systems, personnel, IT services, and data
• Characterizing and reporting on commonly known or emerging malware.
• Conducting research into, preparing, and documenting recommendations for improvements to Advanced Persistent Threat identification, characterization, and incident response
• Preparing, documenting, and implementing approved changes to Advanced Persistent Threat handling, analysis, and response procedures, techniques, and capability
• Development, maintenance and distribution of the MWL
• Documenting, reviewing, importing of analysis into link analysis tool
• Acquiring, processing, and analyzing data for configuration management, anti-virus and anti-malware management, event detection and reporting


CYBERSALUS is currently seeking a Lead Information Security Systems Engineer
Clearance: Must be able to get and hold a TS-SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the information assurance requirements are defined and implemented in a way that will allow for the accreditation of the Information Assurance architecture. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems. Represents program security interests at customer meetings.
Knowledge: Applies extensive expertise as a generalist or specialist.
Problem Complexity: Develops solutions to complex problems which require the regular use of ingenuity and creativity. Consideration is given to the inter-relationships that are not clearly evident.
Responsibility/Accountability: General objectives and boundaries are identified with potential problems discussed. Considerable judgment is needed in extensively adapting or in making compromises to fit unusual or complex situations. Decisions are reviewed for attainment of objectives and compliance with policy.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience.
Experience: 9 years with B.S., 7 years with M.S.
CYBERSALUS, LLC. is an Equal Opportunity/Affirmative Action Employer.
Additional experience desired:
There are 2 variations of this core position description:

Position 1 TO2
External Threat - Monitoring, Detection, Event Analysis, and Incident Reporting
Monitoring, event detection, and reporting of external threats are conducted for the FBI's enterprise networks and systems that operate at different classification levels (i.e., Sensitive but Unclassified, Secret, and Top Secret/Sensitive Compartmented Information (SCI)). Monitoring and event detection is conducted using government furnished capability. Levels of IT monitoring include:
• Network
• IT platform
• IT service logs (from Operating System to Application)
• DOJ and FBI Security Incident reports
• FBI IT service and problem reports routed to ESOC
Typically, the ESOC sensor grid acquires ~450 trillion events per year with an average arrival rate of ~1.5 trillion events per day. Events are analyzed and categorized as events in accordance with the FBI Cyber Security Incident Response Plan.
Analytical activities in support of external threat monitoring, detection, event analysis and incident reporting efforts include activities such as:

• Reviewing presentations and internal and external reports of threats
• Analyzing inbound and outbound public Internet traffic
• Analyzing suspicious or malicious electronic mail (e-mail) messages
• Reviewing requests to unblock access to public Internet sites
Communication and coordination activities include communicating the identification and characterization of events and responses to events.
Reporting of events and the results of event analysis is conducted using government furnished capability in accordance with Department of Justice (DOJ) and FBI processes and procedures for reporting events.


Position 2 TO5
All VAT members shall possess one of the following certifications: Certified Information Security Professionals (CISSP), Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT) or GIAC Certified Forensic Analyst (GCFA). VAT members shall possess at minimum mid-level experience in at least one critical skill identified in Figure 1. The VAT shall have subject matter expertise in all of the critical skills outlined.
Should have received training in at least one of the following:
VAT Software Baseline
Agiliance RiskVision
Application Security, Inc. AppDetectivePRO
Application Security, Inc. DbProtect
Cenzic Hailstorm
CORE Impact Pro
HP WebInspect
McAfee Foundstone
McAfee Vulnerability Manager
Tenable Nessus Vulnerability Scanner


CYBERSALUS is currently seeking a Senior Information Security Systems Engineer.
Clearance: Must be able to get and hold a Top Secret - SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the information assurance requirements are defined and implemented in a way that will allow for the accreditation of the Information Assurance architecture. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems. Represents program security interests at customer meetings.
Knowledge: Wide application of principles, theories, and concepts in the field plus a working knowledge of other related disciplines.
Problem Complexity: Develops thorough, practicable solutions to a variety of difficult problems involving multiple variables. Considers inter-relations that may not be clearly evident.
Responsibility/Accountability: Purpose and desired results indicated. Guidelines are not completely applicable to many work situations. Unusual problems may be discussed with supervisor.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience.
Experience: 5 years with B.S., 3 years with M.S.
CYBERSALUS, LLC. is an Equal Opportunity/Affirmative Action Employer.
Additional experience desired:

Position 1 TO2
External Threat - Monitoring, Detection, Event Analysis, and Incident Reporting
Monitoring, event detection, and reporting of external threats are conducted for the FBI's enterprise networks and systems that operate at different classification levels (i.e., Sensitive but Unclassified, Secret, and Top Secret/Sensitive Compartmented Information (SCI)). Monitoring and event detection is conducted using government furnished capability. Levels of IT monitoring include:
• Network
• IT platform
• IT service logs (from Operating System to Application)
• DOJ and FBI Security Incident reports
• FBI IT service and problem reports routed to ESOC

Typically, the ESOC sensor grid acquires ~450 trillion events per year with an average arrival rate of ~1.5 trillion events per day. Events are analyzed and categorized as events in accordance with the FBI Cyber Security Incident Response Plan.

Analytical activities in support of external threat monitoring, detection, event analysis and incident reporting efforts include activities such as:

• Reviewing presentations and internal and external reports of threats
• Analyzing inbound and outbound public Internet traffic
• Analyzing suspicious or malicious electronic mail (e-mail) messages
• Reviewing requests to unblock access to public Internet sites

Communication and coordination activities include communicating the identification and characterization of events and responses to events.

Reporting of events and the results of event analysis is conducted using government furnished capability in accordance with Department of Justice (DOJ) and FBI processes and procedures for reporting events.

CYBERSALUS is currently seeking a Lead Program Manager.
Security Clearance: Must be able to get and hold a TS-SCI level clearance
Responsible for managing the cost and schedule requirements of a product line through all phases from proposal to product distribution. Ensures that all resources such as engineering, manpower, production, computer time, facilities and sales force are available to support the product line. Develops and/or implements techniques to track product line performance against goals. Work with customers to determine needs, requirements and new business opportunities.
Job Summary: Responsible for managing relatively complex programs. May manage fixed price contracts. Oversees program budget and schedules. May direct staff. Has primary responsibility for program growth; may be responsible for marketing new programs responsible for is generally between $25 and $50 million (life of contracts not annual). May be responsible for programs of a lesser dollar value if they are more complex or developmental in nature. Excludes engineers or other individuals temporarily assigned program management responsibilities and technical functional managers for a program.
Education: Bachelor's degree (advanced degree in Engineering or Business preferred) or equivalent experience.
Experience: 9 years with B.S., 7 years with M.S.
Additional experience desired - Position 1 TO3
Lead Advanced Security Analytics Support
The employee shall accomplish the Advanced Persistent Threat (APT) activities using cyber and security threat intelligence to defend against malicious actors, and shall (with government approval) take actionable measures to protect FBI Information Systems.
APT prevention, integration and assurance efforts shall include, but not be limited to:
• Analysis (security event logs, malware, intelligence reports, forensics, media analysis)
• Reporting and sharing threat information (internal and external)
• Threat operations (identify, prevent, detect, contain, deter and resolve threat activity)
• Tracking of threat operations in the ESOC's link-analysis tool
• Research (open and closed)
• Recommendations for security risk management
The APT team shall handle correlated and escalated reporting obtained from the IA Operations function of the ESOC, Security Information and Event Management (SIEM) services, Intelligence Community (IC) and private industry reporting, and other internal processes to incorporate into incident response tickets or technical analysis reports. APT shall assist with incident response by analyzing alerts or reports referred for further data collection and analysis. Reviewing to determine the most effective course of action (e.g. quarantine resource, image resource, change state of resource, modify operation of service, collect data, advise security officers, refer to external entities).
The employee shall use the Enterprise Security Operations Center (ESOC) link analysis tool to identify and characterize connections between disparate data sets and enhance visibility across varied threats (e.g. cyber and counterintelligence) to support ESOC operations. The APT team shall use the link analysis product to track external threats against FBI networks, perform trend analysis, and build threat profiles. The focus of the analytical effort shall be the characterization of the actors (e.g. state-sponsored, organization or enterprise affiliated, individual), tactics, and techniques used to attempt to compromise the security of FBI information. The APT team shall work with the ESOC's FFRDC team to manage and maintain the ESOC's Master Watch List (MWL) via the link analysis tool, which is also used by monitoring and analytical staff. The APT team and the FFRDC shall both be fully responsible for ensuring that the MWL is maintained and current.

The employee conducting threat analysis and integration efforts shall attend meetings conducted by the Department of Defense, IC, and Other Government Agencies as needed. In preparing for, attending, and documenting notes from meetings, staff conducting threat analysis and integration efforts shall conduct liaison activities and assist with coordination of efforts with other organizations, and shall provide the critical contacts and information to ESOC.
APT Analysis efforts shall include but not be limited to:
• Providing, tracking and documenting threat attribution to incident response and intelligence reporting activities
• Conducting research to maintain awareness of exploits that may affect the FBI networks, systems, personnel, IT services, and data
• Characterizing and reporting on commonly known or emerging malware.
• Conducting research into, preparing, and documenting recommendations for improvements to Advanced Persistent Threat identification, characterization, and incident response
• Preparing, documenting, and implementing approved changes to Advanced Persistent Threat handling, analysis, and response procedures, techniques, and capability
• Development, maintenance and distribution of the MWL
• Documenting, reviewing, importing of analysis into link analysis tool
• Acquiring, processing, and analyzing data for configuration management, anti-virus and anti-malware management, event detection and reporting

 


 

CYBERSALUS is currently seeking a Staff Information Systems Security Engineer

Security Clearance: Must be able to get and hold a TS-SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, Responsible for analyzing and/or administering security controls for information systems. Safeguards the network against unauthorized infiltration, modification, destruction or disclosure. Researches, evaluates, tests, recommends, communicates and implements new security software or devices. Implements, enforces, communicates and develops security policies or plans for data, software applications, hardware, and telecommunications. Manages firewalls and intrusion detection systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Knowledge: Applies advanced principles, theories, and concepts.
Contributes to the development of new principles and concepts.
Problem Complexity: Works on unusually complex problems and provides solutions which are highly innovative and ingenious.
Responsibility/Accountability: Work under consultative direction toward predetermined long-range goals. Self-initiated. Work is checked through consultation and agreement with others rather than by formal review of supervisor.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience.
Experience: 14 years with B.S., 12 years with M.S.

Additional detail:
Advanced Security Analytics Support
The contractor shall accomplish the Advanced Persistent Threat (APT) activities using cyber and security threat intelligence to defend against malicious actors, and shall (with government approval) take actionable measures to protect FBI Information Systems.
APT prevention, integration and assurance efforts shall include, but not be limited to:
• Analysis (security event logs, malware, intelligence reports, forensics, media analysis)
• Reporting and sharing threat information (internal and external)
• Threat operations (identify, prevent, detect, contain, deter and resolve threat activity)
• Tracking of threat operations in the ESOC's link-analysis tool
• Research (open and closed)
• Recommendations for security risk management
The APT team shall handle correlated and escalated reporting obtained from the IA Operations function of the ESOC, Security Information and Event Management (SIEM) services, Intelligence Community (IC) and private industry reporting, and other internal processes to incorporate into incident response tickets or technical analysis reports. APT shall assist with incident response by analyzing alerts or reports referred for further data collection and analysis. Reviewing to determine to most effective course of action (e.g. quarantine resource, image resource, change state of resource, modify operation of service, collect data, advise security officers, refer to external entities)
The contractor shall use the Enterprise Security Operations Center (ESOC) link analysis tool to identify and characterize connections between disparate data sets and enhance visibility across varied threats (e.g. cyber and counterintelligence) to support ESOC operations. The APT team shall use the Link analysis product to track external threats against FBI networks, perform trend analysis, and, build threat profiles . The focus of the analytical effort shall be the characterization of the actors (e.g. state­ sponsored, organization or enterprise affiliated, individual) tactics, and techniques used to attempt to compromise the security of FBl information. The APT team shall work with the ESOC's FFRDC team to manage and maintain the ESOC's Master Watch List (MWL) via the link analysis tool, which is also used by monitoring and analytical staff. The APT team and the FFRDC shall both be fully responsible for ensuring that the MWL is maintained and current.

The contractor staff conducting threat analysis and integration efforts shall attend meetings conducted by the Department of Defense, IC, and Other Government Agencies as needed. In preparing for, attending, and documenting notes from meetings, staff conducting threat analysis and integration efforts shall conduct liaison activities and assist with coordination of efforts with other organizations, and shall provide the critical contacts and information to ESOC.
APT Analysis efforts shall include but not be limited to:
• Providing, tracking and documenting threat attribution to incident response and intelligence reporting activities
• Conducting research to maintain awareness of exploits that may affect the FBI networks, systems, personnel, IT services, and data
• Characterizing and reporting on commonly known or emerging malware.
• Conducting research into, prepare, and document recommendations for improvements to Advanced Persistent Threat identification, characterization, and incident response
• Preparing, documenting, and implementing approved changes to Advanced Persistent Threat handling, analysis, and response procedures, techniques, and capability
• Development, maintenance and distribution of the MWL
• Documenting, reviewing, importing of analysis into link analysis tool
• Acquire, process, and analyze data for configuration management, Anti-virus and anti-malware management, event detection and reporting


CYBERSALUS is currently seeking a Lead Information Security Systems Engineer
Clearance: Must be able to get and hold a TS-SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the information assurance requirements are defined and implemented in a way that will allow for the accreditation of the Information Assurance architecture. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems. Represents program security interests at customer meetings.
Knowledge: Applies extensive expertise as a generalist or specialist.
Problem Complexity: Develops solutions to complex problems which require the regular use of ingenuity and creativity. Consideration is given to the inter-relationships that are not clearly evident.
Responsibility/Accountability: General objectives and boundaries are identified with potential problems discussed. Considerable judgment is needed in extensively adapting or in making compromises to fit unusual or complex situations. Decisions are reviewed for attainment of objectives and compliance with policy.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience.
Experience: 9 years with B.S., 7 years with M.S.
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.
Additional experience desired:
There are 2 variations of this core position description:

Position 1 TO2
External Threat - Monitoring, Detection, Event Analysis, and Incident Reporting Monitoring, event detection, and reporting of external threats are conducted for the FBI's enterprise networks and systems that operate at different classification levels (i.e., Sensitive but
Unclassified , Secret, and Top Secret/Sensitive Compartmented Information (SCI)). Monitoring ,
and event detection is conducted using government furnished capability. Levels of IT monitoring include:
• Network
• IT platform
• IT service logs (from Operating System to Application)
• DOJ and FBI Security Incident reports
• FBI IT service and problem reports routed to ESOC
Typically, the ESOC sensor grid acquires -450 trillion events per year with an average arrival rate of - 1 .5 trillion events per day. Events are analyzed and categorized as events in accordance with the FBI Cyber Security Incident Response Plan.
Analytical activities in support of external threat monitoring, detection, event analysis and incident reporting efforts include activities such as:

• Reviewing presentations and internal and external reports of threats
• Analyzing inbound and outbound public Internet traffic
• Analyzing suspicious or malicious electronic mail (e-mail) messages
• Reviewing requests to unblock access to public Internet sites
Communication and coordination activities include communicating the identification and characterization of events and responses to events.
Reporting of events and the results of event analysis is conducted using government furnished capability in accordance with Department of Justice (DOJ) and FBI processes and procedures for reporting events


Positiion 2 TO5
All VAT members shall possess one of the following certifications: Certified Information Security Professionals (CISSP), Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA), GCIA Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (OPEN), GIAC Certified Web Application Penetration Tester (GWAPT) or GIAC Certified Forensic Analyst (GCFA). VAT members shall possess at minimum mid-level experience in at least one critical skill identified in Figure 1. The VAT shall have subject matter expertise in all of the critical skills outlined.
Should have received training in at least one of the following:
VAT Software BaselineAgiliance RiskVision
Application Security, Inc. AppDetectivePRO
Application Security, Inc. DbProtect
Cenzic Hailstorm
CORE Impact Pro
HP Weblnspect
McAfee Foundstone
McAfee Vulnerability Manager
Tenable Nessus Vulnerability Scanner


CYBERSALUS is currently seeking a Senior Information Security Systems Engineer.
Clearance: Must be able to get and hold a Top Secret - SCI level clearance
Applies current Information Assurance technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the information assurance requirements are defined and implemented in a way that will allow for the accreditation of the Information Assurance architecture. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems. Represents program security interests at customer meetings.
Knowledge: Wide application of principles, theories, and concepts in the field plus a working knowledge of other related disciplines.
Problem Complexity: Develops thorough, practicable solutions to a variety of difficult problems involving multiple variables. Considers inter-relations that may not be clearly evident.
Responsibility/Accountability: Purpose and desired results indicated. Guidelines are not completely applicable to many work situations. Unusual problems may be discussed with supervisor.
Education: B.S., M.S., Ph.D., J.D. or equivalent experience. Experience: 5 years with B.S., 3 years with M.S.
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.
Additional experience desired:

Position 1 TO2
External Threat - Monitoring, Detection, Event Analysis, and Incident Reporting
Monitoring, event detection, and reporting of external threats are conducted for the FBI's enterprise networks and systems that operate at different classification levels (i.e., Sensitive but Unclassified, Secret, and Top Secret/Sensitive Compartmented Information (SCI)). Monitoring and event detection are conducted using government furnished capability. Levels of IT monitoring include:
• Network
• IT platform
• IT service logs (from Operating System to Application)
• DOJ and FBI Security Incident reports
• FBI IT service and problem reports routed to ESOC

Typically, the ESOC sensor grid acquires ~450 trillion events per year with an average arrival rate of ~1.5 trillion events per day. Events are analyzed and categorized as events in accordance with the FBI Cyber Security Incident Response Plan.

Analytical activities in support of external threat monitoring, detection, event analysis and incident reporting efforts include activities such as:

• Reviewing presentations and internal and external reports of threats
• Analyzing inbound and outbound public Internet traffic
• Analyzing suspicious or malicious electronic mail (e-mail) messages
• Reviewing requests to unblock access to public Internet sites

Communication and coordination activities include communicating the identification and characterization of events and responses to events.

Reporting of events and the results of event analysis is conducted using government furnished capability in accordance with Department of Justice (DOJ) and FBI processes and procedures for reporting events.

CYBERSALUS is currently seeking a Lead Program Manager.
Security Clearance: Must be able to get and hold a TS-SCI level clearance
Responsible for managing the cost and schedule requirements of a product line through all phases from proposal to product distribution. Ensures that all resources such as engineering, manpower, production, computer time, facilities and sales force are available to support the product line. Develops and/or implements techniques to track product line performance against goals. Works with customers to determine needs, requirements and new business opportunities.
Job Summary: Responsible for managing relatively complex programs. May manage fixed price contracts. Oversees program budget and schedules. May direct staff. Has primary responsibility for program growth; may be responsible for marketing new programs responsible for is generally between $25 and $50 million (life of contracts not annual). May be responsible for programs of a lesser dollar value if they are more complex or developmental in nature. Excludes engineers or other individuals temporarily assigned program management responsibilities and technical functional managers for a program.
Education: Bachelor's degree (advanced degree in Engineering or Business preferred) or equivalent experience.
Experience: 9 years with B.S., 7 years with M.S.
Additional experience desired - Position 1 TO3
Lead Advanced Security Analytics Support
The employee shall accomplish the Advanced Persistent Threat (APT) activities using cyber and security threat intelligence to defend against malicious actors, and shall (with government approval) take actionable measures to protect FBI Information Systems.
APT prevention, integration and assurance efforts shall include, but not be limited to:
• Analysis (security event logs, malware, intelligence reports, forensics, media analysis)
• Reporting and sharing threat information (internal and external)
• Threat operations (identify, prevent, detect, contain, deter and resolve threat activity)
• Tracking of threat operations in the ESOC's link-analysis tool
• Research (open and closed)
• Recommendations for security risk management
The APT team shall handle correlated and escalated reporting obtained from the IA Operations function of the ESOC, Security Information and Event Management (SIEM) services, Intelligence Community (IC) and private industry reporting, and other internal processes to incorporate into incident response tickets or technical analysis reports. APT shall assist with incident response by analyzing alerts or reports referred for further data collection and analysis, reviewing them to determine the most effective course of action (e.g. quarantine resource, image resource, change state of resource, modify operation of service, collect data, advise security officers, refer to external entities).
The employee shall use the Enterprise Security Operations Center (ESOC) link analysis tool to identify and characterize connections between disparate data sets and enhance visibility across varied threats (e.g. cyber and counterintelligence) to support ESOC operations. The APT team shall use the link analysis product to track external threats against FBI networks, perform trend analysis, and build threat profiles. The focus of the analytical effort shall be the characterization of the actors (e.g. state-sponsored, organization or enterprise affiliated, individual), tactics, and techniques used to attempt to compromise the security of FBI information. The APT team shall work with the ESOC's FFRDC team to manage and maintain the ESOC's Master Watch List (MWL) via the link analysis tool, which is also used by monitoring and analytical staff. The APT team and the FFRDC shall both be fully responsible for ensuring that the MWL is maintained and current.

The employee shall conduct threat analysis and integration efforts and shall attend meetings conducted by the Department of Defense, IC, and Other Government Agencies as needed. In preparing for, attending, and documenting notes from meetings, staff conducting threat analysis and integration efforts shall conduct liaison activities and assist with coordination of efforts with other organizations, and shall provide the critical contacts and information to ESOC.
APT Analysis efforts shall include but not be limited to:
• Providing, tracking and documenting threat attribution to incident response and intelligence reporting activities
• Conducting research to maintain awareness of exploits that may affect the FBI networks, systems, personnel, IT services, and data
• Characterizing and reporting on commonly known or emerging malware
• Conducting research into, preparing, and documenting recommendations for improvements to Advanced Persistent Threat identification, characterization, and incident response
• Preparing, documenting, and implementing approved changes to Advanced Persistent Threat handling, analysis, and response procedures, techniques, and capability
• Development, maintenance and distribution of the MWL
• Documenting, reviewing, importing of analysis into link analysis tool
• Acquiring, processing, and analyzing data for configuration management, anti-virus and anti-malware management, event detection and reporting

 

Information Assurance (IA) Analyst
CYBERSALUS is currently seeking an Information Assurance (IA) Analyst to assist in planning efforts and oversee IT Security, audit, vulnerability, risk, and compliance. Individual must have extensive experience in managing Information Security Programs. Responsible for all ongoing activities related to the availability, integrity, confidentiality and security of company and client information in compliance with the company’s security policies and procedures and governing regulations and law. Develops global information risk management strategy and serves as a thought leader in the area of information security and cyber security. Develops, in association with the CIO organization and company management, the information security policies and procedures for the company. Manages the Enterprise Information Security Program. Coordinates the information security compliance activities with internal staff and external advisory services. Provides and manages direct information security training to staff. Initiates, facilitates, and promotes activities to foster information security awareness. Coordinates with the CIO for the review and management of the electronic security systems in place including anti-virus management, firewall and internet access protections, log review, data encryption, and data loss prevention services. Responsible for information security business continuity and disaster recovery plans by coordinating with management and the IT organization. Ensures that plans are frequently tested. Performs information security risk analysis at all levels within the organization and periodic information system activity reviews for information security processes. Reviews all unusual copying, movement and deletion of data and information movement for unauthorized access or transfer. Responsible for applying and using technology to enforce policies related to information security, ethical walls and access to information. Manages information security incident response.
Monitors and promotes advancements in information security technologies. Monitors legislation and accreditation standards that affect information security.
Minimum Requirements
• Must be a citizen of the United States of America
• Must have an active Secret clearance and be able to maintain it
• Bachelor’s degree required. Master’s degree in an information security related field preferred.
• 10+ years’ experience in an information security role focused on information security management
• Certified Information Systems Security Professional (CISSP) or CISA required, both preferred
• Proven experience planning and executing successful information security strategies, programs and processes in a highly sophisticated, fast paced environment.
• Outstanding interpersonal skills; the ability to lead and influence to develop broad commitment.
• Ability to lead and communicate efficiently within a team environment
• Demonstrated agility and is flexible with changing priorities.
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.


Information Assurance (IA) Engineer
CYBERSALUS is currently seeking an Information Assurance (IA) Engineer to provide security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering for a Federal Government customer in the Silver Spring, MD or Arlington, VA area.
Responsibilities/Duties include the ability to assess and mitigate system security threats/risks throughout the DCOE program life cycle; validate system security requirements definition and analysis; establish system security designs; implement security designs in hardware, software, data, and procedures, and verify security requirements.
Must also be able to perform system certification and accreditation (C&A) planning and testing and liaison activities, and support secure systems operations and maintenance.
Responsible for setting up Vulnerability Management scanning process; maintaining system documentation; assisting with Information Technology (IT) Security Plan of Action and Milestones (POA&M); assisting with responding to C&A discrepancies and establishing/maintaining IA documentation; and participating in other projects as required.
As a member of the Information Assurance/Computer Network Defense team, this person performs a variety of Computer Security tasks. The successful candidate must be well versed on both Information Assurance and Computer Network Defense policies and procedures for the DoD and IC community.
Minimum Requirements:
• Must be a citizen of the United States of America
• Must be eligible for a Secret clearance and be able to maintain it
• Bachelor’s degree required. Master’s degree in an information security related field preferred
• 10+ years’ relevant experience
• Understand and be able to assist with the Certification and Accreditation of systems under DIACAP and Army C&A processes
• Understand the concepts of IDS/IPS, routing protocols, and provide system administration and/or monitoring of each system
• Be able to assist the Computer Network Defense operations center in incident handling, which includes but is not limited to: data storage sanitation, malware removal, system isolation, and audit log analysis
• Preferably have familiarity with Cyber Security tools, i.e., McAfee HBSS, Retina and SCAP (Security Content Automation Protocol), and DoD Enclaves
• IAT Level II in accordance with DoDD 8570 is a must (IAT Level III - CISA or CISSP preferred)
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.


Cyber Security Analyst
CYBERSALUS is currently seeking a Cyber Security Analyst to assist in cyber security planning efforts, oversee construction and subsequent operation of a state-of-the-art Cyber Security Operations Center (CSOC). This individual will act as a Cyber Security/Computer and Network Defense Subject Matter Expert (SME), concentrating on overall technical and operational effectiveness of capabilities in coordination with individual customer requirements. The Cyber Security Analyst will be responsible for providing recommendations on installation and continuous improvement of the processes and architectures supporting the overall CSOC and other cyber security tasks. Operational activities include, but are not limited to: analysis, incident handling and reporting products, forensics, and the reporting lifecycle. This individual is responsible for assisting the other cyber security personnel in ensuring the continuous and effective operations of customer IT systems and network defenses by providing effective incident detection, response and remediation capabilities. Works to maximize the selection, integration and subsequent use of existing tools, such as an Intrusion Detection System (IDS), to correlate information and synthesize data into usable and actionable events. Must be a self-starter, capable of being a key element during the design, implementation and operation of a complex security architecture and requiring minimal supervision.

Must have a minimum of three (3) years’ experience working in a security operations center environment. Must have demonstrated knowledge of security policies based on industry standards and best practices. Must have working knowledge of Security Information and Event Manager (SIEM) technology; strong familiarity with McAfee IDS tools, systems and processes is a plus. Must have incident management process development and/or incident management experience. Must have three (3) or more years working within the information security field, with emphasis on security operations, incident management, intrusion detection, firewall deployment, and security event analysis. Must have working knowledge of forensic tools and processes and experience with security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.). Must have proven ability to communicate efficiently within a team environment. Must have professional certifications in one or more of the following: CISSP, SANS GIAC, SANS GCIH. Must have knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM), Knowledge of McAfee Network Security Management, Enterprise Policy Orchestrator, Host-based Security System. Must have in-depth knowledge of writing SIEM rules, filters and reports and tuning the systems. Should understand Government Regulatory Compliance reporting requirements. Must be able to pass a drug screening.
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.

Technical Subject Matter Specialist
CYBERSALUS is currently seeking a Technical Subject Matter Specialist to provide program management, IT Lifecycle Support, Knowledge Management, and Six Sigma expertise.
Candidate must be a US citizen, have an active Secret clearance, and be able to maintain it. Must have a minimum of three years of specialization described below and five years providing knowledge management systems support and having knowledge and understanding of applicable concepts and practices. Project Management experience and Project Management Professional (PMP) certification are preferred. A working knowledge of the Six Sigma methods and techniques is required. Green Belt certification is also required for this position.
CYBERSALUS, LLC. is an Equal Opportunity/ Affirmative Action Employer.

“We see this as something absolutely vital to the future of our country. Cybersecurity for government and critical infrastructure is key to the security of this Nation.”

NSA Director and U.S. Cyber Commander General Keith Alexander

Copyright © 2017 CyberSalus, LLC
1930 Isaac Newton Square
Suite 203
Reston, VA 20191
Office: 571.325.5712
Fax: 571.325.5701