- Monitor closed and open-source intelligence daily for early warning intelligence of severe vulnerabilities, zero days, or likely threat actor targeting of organization domains
- Provide concise, time-relative Situational Awareness Reports (SARs) to operations personnel and organization stakeholders based on daily closed and open-source monitoring activities and generated Warning Intelligence on a recurring basis
- Provide mitigation recommendations and detection support across multiple layers of the defense-in-depth model
- Collect, maintain, and fuse data gathered from all intelligence sources (closed, open, internally generated, and commercially provided) on a continuous basis
- Create, update, and maintain threat models that incorporate knowledge of cyber terrain (mission, critical assets, industry supported, attack surface, network and domain footprint and attack/intrusion history)
- Use common Warning Intelligence techniques (Diamond Model, Lockheed Martin Cyber Kill Chain, and MITRE ATT&CK) to generate and maintain historical tactics, techniques and procedures (TTPs), historical infrastructure, and recent activity for significant threat actors/groups
- Create and maintain a heat map of active adversarial campaigns against DREN/SDREN relevant terrain to be briefed quarterly to Government management and stakeholders
- Continually perform cyber hunt activities for threat actors/groups within DREN/SDREN relevant terrain
- The contractor shall work closely with Detect personnel to ensure timely reporting and tracking of potential incidents
- Support CSSP operations during serious intrusion events (CAT-1, 2, and 4) to provide insight into and attribution of threat actor activity, including attack timelines, attacker tactics, techniques and procedures (TTPs), and fusion of other intelligence sources
- Provide CSSP operational support for on-site cyber-data forensic collection and chain of custody for serious intrusion events (CAT-1, 2, and 4), including volatile memory collection and drive replication
- Monitor the incident and event reports generated by Detect personnel in order to apply adversarial attribution
Applicant must be TOP SECRET/SCI eligible and have held a TOP SECRET/SCI position within the previous two years. US Citizenship is required. (#topsecret)
- 5-8 years of experience in network intrusion analysis and/or warning intelligence support
- Specialized training in reverse engineering and/or forensic investigation expertise
- BA/BS Degree desired
AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal, state and local laws. AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V
AT&T a good place to be
I believe in AT&T and know they are at the edge of technology. The company believes in their people and offers all kinds of training to enable us to take on new jobs and to stay at the front of technology. The software defined network which we are building is the newest technology, and AT&T has been involved since the early 2000s. You have a great deal of autonomy at AT&T as long as you get the job done. You have the ability to do different jobs and to be challenged at all times.
I really have little negative to say about AT&T; I have worked here for 35 years as of March 23rd of 2016.
Current Employee - Professional-Network Design Engineer
This is the life – the #LifeAtATT, that is. We’re creating what’s next and having a blast doing it. You’re looking for proof? Well, see for yourself.