Yesterday
Top Secret/SCI
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
Washington, DC (Off-Site/Hybrid)•Stennis Ctr, MS (Off-Site/Hybrid)
Primary Responsibilities
• In-depth knowledge of each phase of the Incident Response life cycle
• Expertise of Operating Systems (Windows/Linux) operations and artifacts
• Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)
• Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
• Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies
• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
• Promote and drive implementation of automation and process efficiencies
• Familiarity with Cyber Kill Chain and ATT&CK Framework and how to leverage in Security Operations
• Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high-quality analysis and work products
• Establish trust and business relationships with customer and other relevant stakeholders
Basic Qualifications
• All Senior Incident Response Analyst candidates shall have a minimum of a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS 4 years of experience in incident detection and response, malware analysis, or cyber forensics.
• Must have TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
• 4+ years of supervising and/or managing teams
• 5+ years of intrusion detection and/or incident handling experience
• CISSP and SANS GCIH or GCIA required upon start
• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise
• Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operation
• Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations;
• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
• Strong analytical and troubleshooting skills.’
Required Education/Experience
A bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS 4 years of experience in incident detection and response, malware analysis, or cyber forensics.
Requirement Certifications
CCFP – Certified Cyber Forensics Professional
CCNA Security
CCNP Security
CEH – Certified Ethical Hacker
CHFI – Computer Hacking Forensic Investigator
CISSP – Certified Information Systems Security
CIRC
ECES – EC-Council Certified Encryption Specialist
ECIH – EC-Council Certified Incident Handler
ECSA – EC-Council Certified Security Analyst
ECSS – EC-Council Certified Security Specialist
EnCE
ENSA – EC-Council Network Security Administrator
FIWE
GCFA – Forensic Analyst
GCFE – Forensic Examiner
GCIH – Incident Handler
GISF – Security Fundamentals
GNFA – Network Forensic Analyst
GREM – Reverse Engineering Malware
GWEB – Web Application Defender
GXPN – Exploit Researcher and Advanced Penetration Tester
LPT – Licensed Penetration Tester
OSCE (Certified Expert)
OSCP (Certified Professional)
OSEE (Exploitation Expert)
OSWP (Wireless Professional)
WFE-E-CI
FTK-WFE-FTK
CompTIA Cyber Security Analyst (CySA+)
CompTIA Linux Network Professional (CLNP)
CompTIA PenTest+
GCTI – Cyber Threat Intelligence
GOSI – Open Source Intelligence
CTIA – Certified Threat Intelligence Analyst
Splunk Core Certified Advanced Power User
Splunk Core Certified Consultant
Splunk SOAR Certified Automation Developer
IACRB Certified Security Awareness Practitioner (CSAP)
Preferred Qualifications
• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
• Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments
• In-depth knowledge of each phase of the Incident Response life cycle
• Expertise of Operating Systems (Windows/Linux) operations and artifacts
• Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)
• Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
• Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies
• Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
• Promote and drive implementation of automation and process efficiencies
• Familiarity with Cyber Kill Chain and ATT&CK Framework and how to leverage in Security Operations
• Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high-quality analysis and work products
• Establish trust and business relationships with customer and other relevant stakeholders
Basic Qualifications
• All Senior Incident Response Analyst candidates shall have a minimum of a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS 4 years of experience in incident detection and response, malware analysis, or cyber forensics.
• Must have TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
• 4+ years of supervising and/or managing teams
• 5+ years of intrusion detection and/or incident handling experience
• CISSP and SANS GCIH or GCIA required upon start
• Advanced knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) and/or Security Operations Center (SOC) operations for a large and complex Enterprise
• Significant experience supervising and leading employees of various labor categories and technical skill levels in efforts similar in size and scope to a mature Security Operation
• Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations;
• Strong written and verbal communication skills, and the ability to create technical reports based on analytical findings.
• Strong analytical and troubleshooting skills.’
Required Education/Experience
A bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS 4 years of experience in incident detection and response, malware analysis, or cyber forensics.
Requirement Certifications
CCFP – Certified Cyber Forensics Professional
CCNA Security
CCNP Security
CEH – Certified Ethical Hacker
CHFI – Computer Hacking Forensic Investigator
CISSP – Certified Information Systems Security
CIRC
ECES – EC-Council Certified Encryption Specialist
ECIH – EC-Council Certified Incident Handler
ECSA – EC-Council Certified Security Analyst
ECSS – EC-Council Certified Security Specialist
EnCE
ENSA – EC-Council Network Security Administrator
FIWE
GCFA – Forensic Analyst
GCFE – Forensic Examiner
GCIH – Incident Handler
GISF – Security Fundamentals
GNFA – Network Forensic Analyst
GREM – Reverse Engineering Malware
GWEB – Web Application Defender
GXPN – Exploit Researcher and Advanced Penetration Tester
LPT – Licensed Penetration Tester
OSCE (Certified Expert)
OSCP (Certified Professional)
OSEE (Exploitation Expert)
OSWP (Wireless Professional)
WFE-E-CI
FTK-WFE-FTK
CompTIA Cyber Security Analyst (CySA+)
CompTIA Linux Network Professional (CLNP)
CompTIA PenTest+
GCTI – Cyber Threat Intelligence
GOSI – Open Source Intelligence
CTIA – Certified Threat Intelligence Analyst
Splunk Core Certified Advanced Power User
Splunk Core Certified Consultant
Splunk SOAR Certified Automation Developer
IACRB Certified Security Awareness Practitioner (CSAP)
Preferred Qualifications
• Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
• Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large-scale incident response.
• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
• Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments
group id: baseone
