Cyber Network Defense Analyst
Company: Castalia Systems
Location: Arlington
Posted on: April 2, 2026
|
|
|
Job Description:
Job Type: Full- Time Workplace Type : Onsite in Arlington, VA
Clearance: Active TS/SCI and must be able to obtain a DHS
Suitability Must be a U.S. Citizen Benefits: Medical, dental, and
vision coverage, 401k matching, generous PTO, paid holidays,
professional training opportunities, and even pet insurance to
ensure your furry friends are cared for too. Job Summary The DHS?s
Hunt and Incident Response Team (HIRT) secures the Nation?s cyber
and communications infrastructure. HIRT provides DHS?s front-line
response for cyber incidents and proactively hunting for malicious
cyber activity. Castalia Systems performs HIRT investigations to
develop a preliminary diagnosis of the severity of breaches.
Castalia provides HIRT remote and onsite advanced technical
assistance, proactive hunting, rapid onsite incident response, and
immediate investigation and resolution using host-based,
network-based and cloud-based cybersecurity analysis capabilities.
Contract personnel provide front line response for digital
forensics/incident response (DFIR) and proactively hunting for
malicious cyber activity. Castalia Systems is seeking a Cyber
Network Defense Analyst (CNDA) to support this critical customer
mission. The Cyber Network Defense Analyst uses information
collected from a variety of sources to monitor network activity and
analyze it for evidence of suspicious behavior. Monitoring and
analysis are performed to identify and report events that occur, or
might occur, within the network, to protect information,
information systems, and networks from threats. CNDAs review data
collected to analyze cyber events, and the network environment, to
find trends, patterns or anomaly correlations that indicate more
serious attacks or future threats. The CNDAs will recommend
proactive measures to contain the incident. These proactive
measures include, but are not limited to, identification of
intruder local changes/suspect interactions, isolation, in-depth
digital media analysis, consultation with law enforcement or
counterintelligence organizations, development of signatures to
detect this malicious behavior and development and deployment of
eradication tools. Roles and Responsibilities A qualified candidate
will perform the following duties and responsibilities, but are not
limited to: The majority of the CNDA?s time (75%) will be spent
executing the following tasks: Characterize and analyze network
traffic to identify anomalous activity and potential threats to
network resources Coordinate with enterprise-wide cyber defense
staff to validate network alerts Document and escalate incidents
(including events? history, status, and potential impact for
further action) that may cause ongoing and immediate impact on the
environment Perform cyber defense trend analysis and reporting
Perform event correlation using information gathered from a variety
of sources within the enterprise to gain situational awareness and
determine the effectiveness of an observed attack Provide daily
summary reports of network events and activity relevant to cyber
defense practices Receive and analyze network alerts from various
sources within the enterprise and determine possible causes of
alerts Provide timely detection, identification, and alerting of
possible attacks/intrusions, anomalous activities, and misuse
activities and distinguish these incidents and events from benign
activities Use cyber defense tools for continual monitoring and
analysis of system activity to identify malicious activity Analyze
identified malicious activity to determine weaknesses exploited,
exploitation methods, effects on system and information Determine
tactics, techniques, and procedures (TTPs) for intrusion sets
Examine network topologies to understand data flows through the
network Identify and analyze anomalies in network traffic using
metadata Conduct research, analysis, and correlation across a wide
variety of all source data sets (indications and warnings) Validate
intrusion detection system (IDS) alerts against network traffic
using packet analysis tools Identify applications and operating
systems of a network device based on network traffic Reconstruct a
malicious attack or activity based off network traffic Identify
network mapping and operating system (OS) fingerprinting activities
Assist in the construction of signatures which can be implemented
on cyber defense network tools in response to new or observed
threats within the network environment or enclave Notify designated
managers, cyber incident responders, and cybersecurity service
provider team members of suspected cyber incidents and articulate
the event's history, status, and potential impact for further
action in accordance with the organization's cyber incident
response plan Approximately 25% of the CNDA?s time will be spent
executing the following tasks: Prepare and update manuals,
instructions, and operating procedures Evaluate established methods
and procedures and prepare recommendations for changes in methods
and practices where appropriate Plan and carry out difficult and
complex assignments and develop new methods, approaches, and
procedures Conduct analyses and recommend resolution of complex
issues affecting the specialty area Ensure optimal use of
commercially available products Prepare and present reports
Evaluate the effectiveness of installed systems and services
Required Qualifications: 5 years of direct relevant experience in
cyber defense analysis using leading edge technologies and industry
standard cyber defense tools BS Computer Science, Cyber Security,
Computer Engineering, or related degree; or HS Diploma & 7-9 years
of network investigations experience. Experience successfully
developing and deploying signatures Experience detecting host and
network-based intrusions via intrusion detection technologies
(e.g., Snort) Experience implementing incident handling
methodologies Experience implementing protocol analyzers Experience
collecting data from a variety of cyber defense resources
Experience reading and interpreting signatures (e.g. snort)
Experience performing packet-level analysis Experience conducting
trend analysis Desired Qualifications: ArcSight (or other SEIM
solution) and Python programming experience would be ideal Strong
math and science background. Experience with Carnegie Mellon SiLK
tool suite Desired Certifications: One or more of the following
professional certifications: GNFA, GCIH, GCIA, GSEC, CASP, CySA,
PaLMS, FedVTE , Network, Security Physical Requirements/Work
Environment Normal office environment. Travel Less than 5%. Company
Description Castalia Systems is a proven business partner providing
mission critical solutions to the Federal Government. We provide
cutting edge solutions from Securing and Managing Data to Systems
Engineering and Development. Castalia Systems is a pioneer in
Artificial Intelligence Design and Application. With our vast
knowledge of our customers? needs and relevant technology, our team
is able to bring successful solutions to every mission. We are
one-upping our competitors by providing premium IT solutions and
platforms with cutting-edge technology so it?s so evident when you
compare us with anyone. Disclaimer Castalia Systems is an equal
employment opportunity and affirmative action employer and strives
to comply with all applicable laws prohibiting discrimination based
on race, color, creed, sex, sexual orientation, age, national
origin, or ancestry, physical or mental disability, veteran status,
marital status, HIV-positive status, as well as any other category
protected by federal, state, or local laws. All such discrimination
is unlawful, and all persons involved in the operations of the
company are prohibited from engaging in this type of conduct.
Keywords: Castalia Systems, Towson , Cyber Network Defense Analyst, IT / Software / Systems , Arlington, Maryland
