OVERVIEW:
We are seeking a motivated, mission-oriented Senior Incident Handler to support a Cyber Security contract.
GENERAL DUTIES:
- Performs actions in response to identified cyber intrusions
- Determines appropriate course of action in response to identified cyber security attacks or anomalous network activity
- Performs advanced analysis to include forensic seizures of hardware, malware triage and dynamic analysis, and determination of the scope of compromise during a cyber attack
- Communicates with stakeholders and leaders to ensure cyber incidents are managed appropriately
- Acts as incident command during small scale cyber-attacks and cyber response subject matter expert during large scale attacks
- Recommends enterprise countermeasures based on threat trends
- Prepares detailed recommendations for network defense improvements to close or mitigate cyber incidents
REQUIRED QUALIFICATIONS:
- Requires a BS (bachelor's degree in electrical engineering, computer engineering, computer science, or another closely related IT discipline), or 4 additional years of experience in lieu of a degree, with a minimum of 5 years of related experience.
- Demonstrated experience in cyber incident response/detection, or expert-level network engineering, system administration, or development
- Minimum of 6+ years of experience in Cyber Security, InfoSec, Security Engineering, or Network Engineering, with an emphasis on cyber security issues and operations, computer incident response, systems architecture, and data management.
- Familiarity with the following classes of enterprise cyber defense technologies:
  - Network and host malware detection and prevention
  - Network and host forensic tools
  - Endpoint Detection and Response (EDR)
  - Network Detection and Response (NDR)
  - Sysmon, audit, and Windows Security Event Log analysis
  - Web/email gateway security technologies
  - NetFlow and full packet capture solutions
  - Security Information and Event Management (SIEM) systems
  - Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  - Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
  - AWS, Azure, and GCP incident response
- Experience with Splunk, Windows PowerShell, or similar technologies
CLEARANCE:
- Full Scope Polygraph minimum