Fort Belvoir, VA (On-Site/Office)
Cybersecurity Incident Responder
Location: Remote (local to DC area)
Clearance: Top Secret
Our client is deeply committed to staying ahead of the evolving threat landscape, continuously innovating to deliver effective and reliable security services that empower their users and customers to confidently navigate the digital world. We are passionate cybersecurity professionals dedicated to making a real difference. If you're driven by a desire to protect organizations from cyber threats and contribute to a safer digital world and want to make a difference for the Department of Defense, this is the place for you.
Responsibilities and Duties:
- Proactive Threat Monitoring and Incident Detection: Continuously monitor network traffic, system logs, and security alerts to identify potential threats and anomalies. This will involve utilizing a variety of security information and event management (SIEM) tools, intrusion detection systems (IDS), and other security monitoring technologies.
- Analyze security events to determine the scope, impact, and root cause of security incidents. This will require in-depth knowledge of network protocols, operating systems, and common attack vectors.
- Develop and refine detection rules and signatures to improve the efficiency and effectiveness of threat detection systems. This will involve staying abreast of the latest threat intelligence and attack techniques.
- Incident Response and Remediation: Lead and participate in incident response activities, coordinating with cross-functional teams to contain and eradicate security threats. This will include isolating affected systems, collecting forensic evidence, and implementing remediation measures.
- Develop and maintain comprehensive incident response plans and procedures, ensuring they are up-to-date and aligned with industry best practices. This will involve conducting regular tabletop exercises and simulations to test and improve incident response capabilities.
- Conduct post-incident analysis to identify vulnerabilities and improve security controls. This will include documenting lessons learned, recommending security enhancements, and contributing to the development of knowledge base articles and training materials.
- Cybersecurity Awareness and Collaboration: Collaborate with clients and project teams to enhance their cybersecurity awareness and understanding of security risks. This will involve conducting security awareness training, developing educational materials, and providing guidance on security best practices.
- Work closely with security engineers and architects to implement and maintain security controls and solutions. This will include participating in security assessments, vulnerability scans, and penetration testing activities.
- Contribute to the development and improvement of security monitoring and incident response processes and tools. This will involve staying abreast of the latest security technologies and trends and recommending improvements to existing security infrastructure.
What You'll Bring:
- Cybersecurity Expertise: Possess a strong foundation in cybersecurity principles, concepts, and best practices. This includes a deep understanding of network security, endpoint security, data security, and cloud security.
- Demonstrate in-depth knowledge of common attack techniques, threat actors, and cybersecurity frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK).
- Exhibit hands-on experience with security monitoring and incident response tools and technologies, including SIEM platforms, intrusion detection systems, and endpoint detection and response (EDR) solutions.
- Analytical and Problem-Solving Skills: Possess strong analytical and problem-solving skills, with the ability to quickly assess complex situations, identify root causes, and develop effective solutions.
- Demonstrate the ability to analyze large volumes of security data, identify patterns and anomalies, and draw meaningful conclusions.
- Technical Proficiency: Demonstrate proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating security tasks and analyzing data.
- Possess a working knowledge of network infrastructure and communication protocols, including TCP/IP, DNS, and HTTP.
- Exhibit familiarity with operating systems (e.g., Windows, Linux) and common security vulnerabilities.
Specific Tasks include:
- Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
- Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
- Coordinate incident response functions.
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
- Perform cyber defense trend analysis and reporting.
- Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Write and publish after-action reviews.
- Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
Skills/Experience/Certifications:
- 5 years of relevant experience
- 2 years of performing root cause analysis of cybersecurity events and incidents
- Associate's degree or higher in IT or similar area.
- Working knowledge of at least 2 types of security tools:
  - Firewall, IDS/IPS, Host-based antivirus, Data loss prevention, Vulnerability Management, Forensics, Malware Analysis, Device Hardening
- Understanding of Defense-in-Depth
- Ability to build scripts and tools to enhance threat detection and incident response capabilities (Preferably in SPL, Python, PowerShell)
- Top Secret Security Clearance
- Relevant certification from a nationally recognized technical authority meeting DOD 8570.01 IAT II.
- Must possess and maintain DOD 8570.01 CNDSP/CSSP-IR certification.