Cyber Security Incident Responder
Responsibilities will include:
- Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks
- Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
- Produce reports and briefs to provide an accurate depiction of the current threat landscape and associated risk. Accomplish this through the use of customer, community, and open source reporting
- Provide analysis for correlated information sources
- Help the customer posture itself to aggressively investigate cyber activity targeting customer information and its information infrastructure
- Assist the customer training department in the education of staff on the cyber threat
- Liaise with other government cyber threat analysis entities, such as intra-agency and inter-agency Cyber Threat Working Groups
- Maintain proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
- Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions
- Additional duties may include providing intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments
- Meet and maintain customer required Information Assurance training compliance
- Ability to support shift work
Required Skills:
- Must have active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance
- Must be a U.S. Citizen
- 4 years hands-on experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
  - Experience in computer intrusion analysis and incident response;
  - Intrusion detection;
  - Computer network surveillance/monitoring;
  - Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures;
  - Experience in computer evidence seizure, computer forensic analysis, and data recovery;
  - Computer network forensics;
  - System log analysis;
  - Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.
- Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
- Current experience with cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
- Demonstrated ability to document processes
- The ability to respond to crises objectively
- Proficiency with MS Office Applications
- Must be able to work collaboratively across agencies and physical locations
Desired Skills:
- Computer Forensics experience
- Malware reverse engineering experience
- Experience with Risk and Opportunity management
- Scripting experience (Python, Perl, etc.)
- Experience with process development and deployment
- Excellent writing skills
- Prior experience with data visualization products such as Analyst Notebook
- Prior experience with Splunk
- Prior experience working in one of the following is highly desired:
  - Security Operations Center (SOC/NOSC)
  - Computer Emergency Response Team (CERT/CIRT)
  - DOD/FED Cyber Intel organization
  - DCIO/MCIO, with Cyber Counterintelligence focus
Desired Certifications:
- Additional Technical CND Incident Reporter Certification (CEH, GCIH, GCIA, GNFA)
- DoDI 8570.01-M IAT Level I Compliant Certification (Network+ CE, A+ CE, CCNA Security, SSCP)
Required Education (including Major): 4 years of experience with a Bachelor of Science Degree with major in Cyber Engineering, Computer Science/Electrical Engineering, Engineering, Science or related field. An additional 8 years of related work experience may be substituted for a degree.