Markesman Group is looking for an Exploitation Analyst SME to join our team in San Antonio, Texas. The Exploitation Analyst SME collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. They leverage all authorized resources and analytic techniques to penetrate targeted networks.
Responsibilities:
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of application vulnerabilities.
- Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless).
- Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
- Knowledge of collection management processes, capabilities, and limitations.
- Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
- Knowledge of website types, administration, functions, and content management system (CMS).
- Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation.
- Knowledge of relevant reporting and dissemination procedures.
- Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
- Knowledge of implants that enable cyber collection and/or preparation activities.
- Knowledge of principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis).
- Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
- Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
- Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.
- Knowledge of common networking devices and their configurations.
- Knowledge of common reporting databases and tools.
- Knowledge of concepts for operating systems (e.g., Linux, Unix.)
- Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
- Knowledge of data flow process for terminal or environment collection.
- Knowledge of evasion strategies and techniques.
- Knowledge of how hubs, switches, routers work together in the design of a network.
- Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
- Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).
- Knowledge of identification and reporting processes.
- Knowledge of Internet and routing protocols.
- Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
- Knowledge of intrusion sets.
- Knowledge of midpoint collection (process, objectives, organization, targets, etc.).
- Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- Knowledge of network topology.
- Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.
- Knowledge of organizational and partner policies, tools, capabilities, and procedures.
- Knowledge of products and nomenclature of major vendors (e.g., security suites - Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities.
- Knowledge of scripting
- Knowledge of strategies and tools for target research.
- Knowledge of target intelligence gathering and operational preparation techniques and life cycles.
- Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.).
- Knowledge of the basic structure, architecture, and design of converged applications.
- Knowledge of the basic structure, architecture, and design of modern communication networks.
- Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).
Qualifications:
- Demonstrated abilities, knowledge, and skills as defined by AN-EXP-001 within the NICE Cybersecurity Framework.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
- Ability to collaborate effectively with others.
- Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
- Ability to expand network access by conducting target analysis and collection to identify targets of interest.
- Ability to identify/describe target vulnerability.
- Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
- Ability to select the appropriate implant to achieve operational goals.
- Must possess a TS/SCI clearance.