Incident Response Forensic and Intrusion Analyst
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The key responsibilities listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Primary focus will be on the containment, restoration, investigation, and reporting of activities related to computer security incidents.
- Support all aspects of Computer Security Incident Response activities for a large enterprise
- Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
- Conduct highly technical examinations, analysis and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations
- Reconstruct events from network, endpoint, and log data
- Support personnel to scope, contain, and eradicate cyber incidents
- Support vulnerability and penetration testing
- Ensure the secure handling of digital evidence and matter confidentiality
- Identify recurring incidents within a customer’s environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues
- Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
- Assist with implementation of countermeasures or mitigating controls as needed
- Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
- Be responsible for quality control of incident reports
- Close incidents and prepare incident reports of analysis methodology and results
- Communicate effectively and articulate the identified issues and resolution steps to bring the customer’s incident to a resolved state
- Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
- Track, measure and evaluate Incident Response compliance across the enterprise
Candidate may also provide general technical cybersecurity support in the areas of vulnerability assessment, risk assessment, network security, and security implementation. Additional general duties include implementation and support for protecting the confidentiality, integrity and availability of sensitive information; providing input into the design of IS contingency plans; and conducting testing and audit log reviews to evaluate the effectiveness of current security measures.
- Experience applying troubleshooting techniques across various server, application, and network technologies including:
  - Operating systems – Windows, RHEL and relevant DoD STIGs
  - Networking knowledge – TCP/IP, inspection tools, and network devices
  - ArcSight, FireSight
  - DoD tools – vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
Bachelor’s degree and 2+ years of related cyber analysis and incident response experience OR 6+ years of related experience and certifications may be considered in lieu of degree
- Must have Active DoD Secret clearance or higher, and an ability to obtain and maintain a Top Secret clearance
- Security+CE and ONE of the following: CEH, CFR, CCNA Cyber Ops, CySA+, GCFA, GCIH, SCYBER (DoD 8570)
- Knowledge of DoD security policies and practices
- Excellent communication and analytical skills
- Experience with incident response processes (detection, triage, incident analysis, remediation and reporting).
- Willing to work overtime, holidays, and weekends as necessary
- Experience in an enterprise environment (1500 servers plus 2500 workstations)
- Knowledge of CJCSM 6510 policy and procedures
- Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis.
- Experience with ServiceNow or similar service management/ticketing systems
- Ability to prioritize workload and competing demands
Please email qualified resumes to email@example.com.