Cornerstone Defense | Technically Innovative Solutions

Type: Contract
Job #2730

Title: Cyber Detection Engineer Team Lead
Location: McLean, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Company Overview:
Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.

We need you to lead the team who protect and defend the largest target in the world using your expertise in Host Based IDS, IPS and specialized network defense. This position will utilize the latest cyber tools available and assist in creating new ones while allowing you to advance the nation's information security posture.

Responsibilities include, but are not limited to:

Provide subject matter expertise in the creation, editing, and management of signatures, rules and filters for specialized network defense systems such as Network and host-based IDS, IPS, NDR, EDR, firewall, web application firewalls, Proxy and SIEM systems

Manage and administer the tuning of rules, signatures, and custom content for specialized CND applications and systems

Identify potential conflicts with implementation of any CND tools within the enterprise and develop recommendations to remediate these conflicts

Manage inter-agency relationships with partner organizations to facilitate mission execution

Provide innovative and creative solutions to challenging problems

Provide logical use case development

Provide and track requirements to engineering partners

Identify gaps in visibility or coverage of cyber defense systems

Prepare and brief management and partner organizations on current state/proposed solutions

Prepare data analytics and reporting

15+ years of experience in Cyber Security, InfoSec, Security Engineering or Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, data management

Ability to demonstrate expertise utilizing SIEM tools for use case development and application

Understanding of the following classes of enterprise cyber defense technologies:

Incident Response analysis

Security Information and Event Management (SIEM) systems

Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)

Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)

Security Orchestration Automation and Response (SOAR)

Endpoint and Network Detection and Response (EDR/NDR)

User Behavior Analytics (UBA)

Network and Host malware detection and prevention

Network and Host forensic applications

Web/Email gateway security technologies

Ability to leverage interpersonal, organizational, writing, communications, and briefing skills

Ability to demonstrate strong analytical and problem solving skills

DOD 8570 IAT Level I or CSSP-IR certification (can be obtained after hire)

Active TS/SCI with polygraph clearance

Bachelor’s Degree in Electrical Engineering, Computer Engineering, Computer Science, or other closely related Information Technology field of study

Experience with all or some of the following:

Palo Alto Networks

McAfee ePO/NSM

Carbon Black

Tanium

Jira

Mitre ATT&CK

Python

Splunk ES

Equal Opportunity Employment
Cornerstone Defense is proud to be an Equal Opportunity Employer. We are committed to creating an inclusive working environment for all employees and to upholding diversity in our recruiting and hiring processes. All qualified applicants will receive equal consideration for employment without regard to sex, gender identity, sexual orientation, race, color, age, religion, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by law.

Type: Contract
Job #2729

Title: Expert Cyber Threat Hunter
Location: McLean, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Join our Adversarial Pursuit team as a Cyber Threat Hunt Expert on this Cyber Security support contract. Help strengthen an established unit of elite cyber defense experts by advising strategic vision and tactical implementation to protect our customer's varied networks from all enemies.

Responsibilities include, but are not limited to:

Provide strategic and tactical direction to cyber hunters and leadership based on trends and actionable intelligence related to threat capabilities

Coordinate hunt activities between various internal and external hunt groups

Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)

Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers

Build fly-away kits utilizing an agile approach to identify the appropriate tools and technologies necessary to conduct hunt missions

Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the enterprise

Create and add custom signatures, to mitigate highly dynamic threats to the enterprise using the latest threat information obtained from multiple sources. Perform malware analysis on samples obtained during an investigation or hunt operation to create custom signatures

Develop and produce reports on all activities and incidents to help maintain day to day status, develop and report on trends, and provide focus and situational awareness on all issues

Piece together intrusion campaigns, threat actors, and nation-state organizations

Manage, share, and receive intelligence on APT adversary groups

Generate intelligence from their own data sources and share it accordingly

Identify, extract, and leverage intelligence from APT intrusions

Expand upon existing intelligence to build profiles of adversary groups

Leverage intelligence to better defend against and respond to future intrusions

Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs

Notify the management team of significant changes in the security threat against the government networks in a timely manner and in writing via established reporting methods

Coordinate with appropriate organizations within the intelligence community regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, maintain the current list of coordination points of contact.

Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event

Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary

Ability to demonstrate effective interpersonal, organizational, writing, communications, and briefing skills

Ability to use advanced level analytical and problem-solving skills to solve complex issues

CISSP or CEH Certification

DoD 8570 IAT Level III or CSSP-SPM (can be obtained after hire)

Active TS/SCI with polygraph clearance

Bachelor’s Degree in Electrical Engineering, Computer Engineering, Computer Science, or other closely related Information Technology field of study

Type: Contract
Job #2728

Title: Cyber Security Data Engineer – Senior
Location: McLean, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Cyber Security Data Engineer:

The Cyber Security Data Engineer will design, build, and optimize systems for data collection, storage, access, and analytics at scale, and is responsible for creating data pipelines used by data scientists, data-centric applications, and other data consumers. This is a highly technical position, requiring experience and skills in areas such as programming, mathematics, and computer science.

Responsibilities include, but are not limited to:

Assembling large, complex sets of data that meet non-functional and functional business requirements.

Identifying, designing and implementing internal process improvements including re-designing infrastructure for greater scalability, optimizing data delivery, and automating manual processes.

Building required infrastructure for optimal extraction, transformation and loading of data from various data sources using AWS and SQL technologies.

Building analytical tools to utilize the data pipeline, providing actionable insight into key business performance metrics including operational efficiency and customer acquisition.

Working with stakeholders including data, design, product and executive teams and assisting them with data-related technical issues.

Establish advanced analysis and data visualization methodologies, models, and tools to derive/predict intelligence outcomes and impacts.

Implement data validation and cleaning techniques to find and fix or remove inaccurate and irrelevant data.

Develop and maintain a data warehouse populated with data from numerous sources and with varied formats.

Build, test, and maintain database pipeline architectures.

Identify ways to improve data reliability, efficiency, and quality.

Data pipeline and warehouse performance measurement and optimization.

Prepare data for predictive and prescriptive modeling in close partnership with in-house data science team.

Deliver updates to stakeholders based on analytics.

Ensure compliance with customer’s data governance and security policies.

Design, develop and maintain scaled, automated, user-friendly systems that will support the needs of the business.

2+ years of relevant work experience in data science or data engineering in big data environments.

2+ years of experience in data mining and data-set preparation using SQL

2+ years of experience using data visualization software, such as, Tableau Desktop or Power BI.

Experience with data modeling, data warehousing, and building ETL pipelines.

Strong verbal and written communication and data presentation skills, including an ability to effectively communicate with both business and technical team, and senior management as required.

Active TS/SCI with polygraph clearance

Bachelor’s degree in Computer Science, Engineering, Mathematics or related technical field of study.

3+ years of experience in a data engineer role with a technology company.

Experience working in large data warehouse environments.

Experience conducting large scale and complex data analysis to support data centric architecture

Experience using Python, R, Java, JavaScript, AngularJS, .NET, Hadoop, and Apache and other related technologies

Type: Contract
Job #2727

Title: Data Scientist
Location: McLean, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Company Overview:

Cornerstone Defense, in partnership with our military, intelligence, and civil government customers, supports U.S. operations worldwide through the use of many different types of intelligence, satellite, and cyber technologies. Cornerstone’s Intelligence Sector provides solutions to the United States Government for information collection, operations, exploitation and dissemination, and research activities. Our Team specializes in software development, cloud architecture, systems and network engineering, systems integration, agile management, as well as targeting operations and intelligence analysis. Our support to our mission customers includes cyber network operations, exploitation and defense, signals intelligence, human intelligence, and critical missions and networks.

Data Scientist:

Use your analytic talent to churn through petabytes of data providing valuable information and insight to policy makers and security professionals defending the most coveted intelligence target in the world. Identify anomalies that could reveal previously unknown risks or threats to the customer’s environment.

Responsibilities include, but are not limited to:

Advise on the methods and data needed and/or available to evaluate the problem

Collaborate with data collectors and analysts to identify and close gaps on complex monitoring problems

Provide accurate, timely, complex and sophisticated data analysis

Determine and employ the most appropriate research design for data collection and analysis

Analyze, evaluate, and assess quantitative data (using statistical software, computer models, geospatial models, software languages, and mathematical models) to contribute to or develop software tools, analytic models, and/or reports)

Work with stakeholders to understand the requirements and identify what problems are they trying to solve with data

Provide requirements or recommendations to data engineers to help normalize or enrich data sources

Experience using markup languages such as LaTeX or HTML

Experience with Natural Language Processing for anomaly detection

Experience with Statistics, Machine Learning, Linear Algebra and Calculus, Data Visualization and VBA scripts

Experience working in a team-based agile work environment

Experience working in an analytical research environment

Ability to use analytical and problem-solving skills to solve complex problems

Active TS/SCI with polygraph clearance

Bachelor’s Degree in mathematics, statistical analysis, data science, electrical engineering, computer engineering, computer science, or other closely related IT discipline)

Type: Contract
Job #2726

Title: Cyber Security Analyst – Senior
Location: McLean, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Company Overview:

Description/Responsibilities:
The CIRT Incident Handler on this agency-level Cyber Security support contract performs the following duties:

• Performs actions in response to identified cyber intrusions

• Determines appropriate course of action in response to identified cyber security incidents or anomalous network activity

• Performs advanced analysis to include forensic seizures of hardware, malware triage and dynamic analysis, and determination of the scope of compromise during a cyber incident

* Communicates with stakeholders and leaders to ensure incidents are managed appropriately

* Acts as incident command during small scale incidents and cyber response subject matter expert during large scale incidents

• Recommend enterprise countermeasures based on incident trends

• Prepares detailed recommendations for network defense improvements to close or mitigate incidents

Required Experience/Skills:

* Demonstrated experience in cyber incident response/detection or expert network engineering, system administration, or devops

• Excellent interpersonal, organizational, writing, communications, and briefing skills

• Strong analytical and problem solving skills

• Minimum of five years of progressively responsible experience in Cyber Security, InfoSec, Security Engineering, Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, data management

Required Tools:
Familiarity with the following classes of enterprise cyber defense technologies:
• Security Information and Event Management (SIEM) systems

• Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)

• Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)

• Network and Host malware detection and prevention

• Network and Host forensic tools

• Endpoint Detection and Response (EDR)

• Sysmon

• Web/Email gateway security technologies

* Experience with Splunk, Windows PowerShell, or similar technologies

* Netflow and Full Packet Capture solutions

Required Certifications:
DOD 8570 IAT Level I, CSSP-IR, or CSSP-A

Required Degree:

BS (bachelor's degree in electrical engineering, computer engineering, computer science, or other closely related IT discipline)
10 years experience if no BS

Equal Opportunity Employment
Cornerstone Defense is proud to be an Equal Opportunity Employer. We are committed to creating an inclusive working environment for all employees and to upholding diversity in our recruiting and hiring processes. All qualified applicants will receive equal consideration for employment without regard to sex, gender identity, sexual orientation, race, color, age, religion, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by law.

Location: McLean, Virginia
Type: Contract
Job #2721

Title: Linux Systems Adminstrator

Location: McLean, VA

*Clearance: *Active TS/SCI w/ Polygraph needed to apply *

Company Overview:

Cornerstone Defense has an immediate need for a Linux System Engineer to be a member of the IT team that is the Londinium Program. The Londinium Program is comprised of linux (80%), windows (20%), virtualization, storage, network, HW, and data center engineers that works as a team and, offers rewarding opportunities to think outside the box in order to deliver innovative and sustainable IT environments to our customers. The Londinium system administrators work both independently and as a member of an integrated product team supporting a wide variety of basic and complex computing and network configurations and must have proven Linux experience.

The on-site system administrator will support the installation, configuration, maintenance, failure analysis and recovery, performance monitoring, data storage management, and security management of the data center environment. The system engineer will haveexperience in at least one, preferably two, scripting languages (shell, Perl, Powershell, Python, etc.) and shall have proven experience administering Linux operating systems in the conduct of their duties. The right candidate will have proven experience in problem solving.

Specific duties and responsibilities of the Linux System Engineer may include, but are not limited to:

Architecting, deploying, and managing large Linux networked environments including deployment and configuration
Installing, configuring, updating and removing system and application software
Hardening Linux serverinstallations
Installing, configuring, updating and removing system hardware (servers, workstations, transceivers, network interface cards)
Configuring NFS, SAMBA, and SAN
Monitoring and allocating system resources (CPU, memory, and storage space)
Proven experience creating, implementing, and maintaining scripts for process automation, infrastructure monitoring, and proactive reporting
Auditing system log files, to include compliance audits
Diagnosing and troubleshooting hardware and software problems
Documenting hardware and software configurations, maintenance history, and backup history
Implementing up-to-date system policies and procedures
Updating/patching system operating systems
Proven experience in all aspects of managing large Linux environments including the use of configuration management tools like Puppet and Ansible for centralized management and configuration of systems to enforce security controls
Ability to utilize analysis tools to resolve complex network, systems, and application performance problems
Responding to inquiries concerning all aspects of computer and network operations
Creating and managing user/group accounts (ex: Active Directory (AD))

Minimum Qualifications and Education:

Bachelor’s Degree in computer science, information systems, engineering, mathematics, or equivalent experience, and six (6) years of relevant experience (see below bullets). Fourteen (14) years of equivalent military training and/or experience in an information technology field will be considered in lieu of a degree.
Five (5) years or more of total intelligence community relevant work experience as a system administrator
Five (5) years’ experience as a system administrator

Type: Contract
Job #1723

Title: Computer Forensics Engineer
Location: Chantilly, VA
*Clearance: Active TS/SCI w/ Polygraph needed to apply *

Company Overview:

Description/Responsibilities:

The candidate will provide forensic analyst expertise support to a United States Government (USG) customer and will be an active contributing member of a security vulnerability and computer forensic analysis team. The candidate must exercise excellent social acumen and operational judgment and be able to respond quickly to high priority tasking. The candidate must understand the importance of using tradecraft to minimize exposure. The candidate should have a comfort level with speaking as s/he may be required to brief assessments at various forums across the Intelligence Community. Furthermore, the ideal candidate will:

Conduct computer forensics and security vulnerability analysis using commercial-off-the-shelf (COTS) and/or customer provided tools
Evaluate cloud services, web applications, and commercial-off-the-shelf software and hardware
Perform network traffic analysis of web services to analyze raw packet data for anomalies, Support cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
Provide management with discrepancy reports and end user documentation.
Communicate daily with program managers, management, customer representatives, and end users to ensure delivery of quality products.

Required Skills/Qualifications:

Bachelor’s degree (or equivalent) in Cybersecurity, Information Technology (IT), Electrical Engineering (EE), Computer Science, Computer/Digital Forensics
Demonstrated XX years’ experience in three or more of the following: analysis, network engineering, networking security, penetration testing, red taming, hardware engineering, software reverse engineering, computer exploitation.
Proven proficiency with at least three (3) or more of the following: mobile security, telecom protocols, operating systems (Windows, iOS, Android, or Linux), reverse engineering, forensics, network analysis, vulnerability assessment or malware forensics.
Demonstrated familiarity with Wireshark, Fiddler, EnCase, Sleuthkit and/or other forensic tools
Demonstrated experience in drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis.
Demonstrated experience in performing post-incident computer forensics while maintaining proper chain of custody and without destruction of critical data.

Desired Skills/Qualifications:

Experience within Intelligence Community (IC) community
Experience employing advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis
Law Enforcement/Cyber Forensics experience
Desired experience ensuring quality assurance and the spreading of best practices
Relevant Certifications: CCFP, GCIA, OSCP, CEH, CISSP, or Security+

· Publications in peer-reviewed journals