Specifications include, but are not limited to: A. Task 1: FireEye will provide one qualified and cleared Forward Deployed Analyst (FDA) to perform analytical and technical support. The FDA will collaborate on classified information and provide technical support to the overall objective of enhancing the cybersecurity mission of the Cal-CSIC and counter terrorism mission of the STAS and enhance its interaction and data exchanges with the Federal Department of Homeland Security and law enforcement organizations. i. The contractor will provide one qualified and cleared FireEye Forward Deployed Analyst (FDA) to perform analytical and technical support. ii. The contractor must be able to obtain and maintain a Federal SECRET level security clearance to attend secret level classified briefings and to support operations and technical services as it relates to the Department of Homeland Security’s (DHS) mission. B. Task 2: Cyber Threat and Reconnaissance Analysis. During the contract Term / Period of Performance, FireEye will provide an FDA on-site for eight (8) hours per day, five (5) days per week to perform Cyber Threat Intelligence (CTI) and Reconnaissance analysis, consisting of the six (6) following activities, and any other CTI and Recon analyst support activities that the parties mutually agree on: i. Intelligence-led Threat Hunting. FireEye analyst will leverage industry threat profiles, intelligence subscriptions available to Customer including those in Cal OES’s designated Threat Intelligence Platform, iSight’s non-published indicators of compromise, and Customer Helix parent and child instances and/or security log data, to hunt for evidence of threat activity within the Customer network. The analyst will help develop and maintain customer/partner threat profiles to identify specific threats to hunt for, intelligence to identify related Indicators of Compromise and threat actor Tactics, Techniques, and Procedures. FireEye analyst will be able to have knowledge on tools such Helix, FSO, IA, NX, PX, CM, HX, and ETP to execute threat hunting and response.
