Incident Response Manager

Who we are:

ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a "work hard, play hard" mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we're looking for:

We are seeking an Incident Response Manager who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Incident Response Manager will have the opportunity to be exposed to all aspects of support to a federal client and will be encouraged to grow as the organization expands.

What you'll be doing:

• Advise senior management on risk levels and security posture.
• Coordinate and provide technical support for Cyber Fusion Center operations.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
• Provide 24x7x365 support for cyber incident identification, triage, escalation, and tactical coordination for Amtrak Digital Technology Incident Management Severity Bridges.
• Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
• Analyze incident data to identify vulnerabilities and recommend remediation.
• Perform log file analysis to detect potential threats.
• Conduct cyber defense incident triage and trend analysis.
• Interface with internal and external organizations for incident dissemination.
• Perform real-time incident handling tasks and document incident lifecycle.
• Write and publish incident findings and after-action reviews.
• Coordinate incident response functions and provide cybersecurity recommendations.
• Support Disaster Recovery and Continuity of Operations Plans.
• Provide 24×7 support for cyber incident identification and escalation.
• Create and maintain Standard Operating Procedures and knowledge base articles.
• Respond to crises and investigate and analyze response activities.
• Supervise and lead cyber incident response activities.
• Provide overwatch coverage and on-call status during off hours.

What you need to know:

• Conduct vulnerability scans and assess resource requirements.
• Develop cyber incident plans in compliance with regulations.
• Tailor technical information for different audiences.
• Apply cybersecurity principles to organizational requirements.
• Utilize cyber investigative tools and processes.

Must have's:

• 5-8 years of relevant experience.
• Determine security system functionality and protection needs.
• Preserve evidence integrity and perform damage assessments.
• Recognize vulnerabilities and perform incident handling.
• Evaluate security controls and use security event correlation tools.
• Apply crisis planning procedures and prepare briefings.
• Ability to tailor technical and planning information to a customer's level of understanding.
• Ability to develop cyber incident plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to obtain and maintain customer required Secret clearance.

Beneficial Knowledge:

• Cyber risk management processes, laws, and regulations.
• Intrusion detection methodologies and hacking methodologies.
• Incident response and handling methodologies.
• System and application security threats and vulnerabilities.
• Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
• Knowledge of cyber attackers and attack stages.

Where it's done:

• Hybrid - Washington, D.C (2-3 times per week).