Job Description

Cyber Defense Analyst & Incident Responder \xe2\x80\x93 ISS II
Location: Remote 3 days a week; 2 day a week onsite in Sterling, VA
Description:
We are currently seeking a Senior Cyber Defense Analyst & Incident Responder to join our team in Sterling, Virginia (US-VA), United States (US).
All the duties listed support one or more of the following cybersecurity related functions; information security, SA&A, incident response, cyber security, insider threat, computer forensics, vulnerability assessment and management, network data capture, intrusion detection, log management, auditing, security incident and event management (SIEM), and penetration testing.
Personnel assigned to this role will serve primarily on the Operations & Response (O&R) Team; this role may also support the Vulnerability Assessment and Penetration Test (VAPT) and Engineering teams. This position is also responsible for coordinating with both the Cybersecurity Services Section and other sections or divisions within the client\xe2\x80\x99s organization. These may include, but are not limited to, IT Operations, Engineering & Integration, Software Operations, and the Office of Investigative Technology.
Duties:
\xc2\xb7Performs network security monitoring and incident response for a large organization.
\xc2\xb7Coordinates with other government agencies to record and report incidents.
\xc2\xb7Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies.
\xc2\xb7Monitors Security Information and Event Management (SIEM) to identify security issues for remediation.
\xc2\xb7Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information. Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
\xc2\xb7Assists with implementation of countermeasures or mitigating controls.
\xc2\xb7Supports efforts to consolidate and conduct comprehensive analysis of threat data obtained from classified, proprietary, and open-source resources to provide indication and warnings of impending attacks against unclassified and classified networks.
\xc2\xb7Supports Team Lead on developing recommendations for changes to Standard Operating Procedures and other similar documentation.
\xc2\xb7Monitors and reviews logs from existing security tools and creates new security tool signatures to ensure maximum performance and availability.
\xc2\xb7Performs all aspects of intrusion detection, log and audit management, network and database vulnerability assessment and compliance management, and security configuration.
\xc2\xb7Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manages accounts, security devices, and patches; responsible for access control/passwords/account creation and administration.
\xc2\xb7Analyze collected information to identify vulnerabilities and potential for exploitation.
\xc2\xb7Provides support in the identification, documentation, and development of computer and network security countermeasures.
\xc2\xb7Identifies network and operating systems vulnerabilities and recommends countermeasures.
\xc2\xb7Supports the deployment and integration of security tools as needed.
\xc2\xb7Prepares written reports and provides verbal information security briefings.
\xc2\xb7Investigates, monitors, analyzes, and reports on information security incidents.
\xc2\xb7Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
\xc2\xb7Use mitigation, preparedness, and response and recovery approaches, as needed to maximize information security.
\xc2\xb7Provides incident handling support for incident detection, analysis, coordination, and response.
\xc2\xb7Monitors network to actively remediate unauthorized activities.
\xc2\xb7Monitors intrusion detection sensors and log collection hardware and software to ensure systems are collecting relevant data.
\xc2\xb7Monitors all security systems to ensure maximum performance and availability.
\xc2\xb7Analyze computer security threat information from multiple sources, disciplines, and agencies across.
Required Qualifications:
\xc2\xb7 Bachelor\xe2\x80\x99s degree from an accredited college or university in one or more of the following disciplines or equivalent (documented formal training): computer science, information systems, engineering, business, physical science, or other technology-related discipline
\xc2\xb7 Education Substitution:
o Any combination of certificates such as Microsoft\xe2\x80\x99s MCSE, or Cisco\xe2\x80\x99s, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience / information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II or III may be considered equivalent to two (2) years of information security experience.
\xc2\xb7 Three (3) years of documented work experience performing any combination of Information System Security, Security Assessment & Authorization, Cybersecurity, Computer Forensics, or Insider Threat
\xc2\xb7 Secret clearance: must be eligible for a Top-Secret clearance, if requested.
Desired Qualifications:

• CompTIA CySA+ cybersecurity analyst certification
• Requirements analysis, program development activities, architecting, engineering, integrating, developing and/or deploying information technology products (hardware and software) in an enterprise environment
• Ability to create and monitor multiple cybersecurity tools dashboards
• Experience in Open-Source Intelligence gathering
• Experience with Threat hunting and vulnerability assessment
• Knowledge of SIEM tools and query generation

General Experience: SOC (Security Operations Center) operations, vulnerability analysis, triaging, incident handling, reporting, ticket generation and handling, assisting with incident resolution.

Relevant Cybersecurity Analyst Experience:

\xc2\xb7 Work experience and knowledge in; vulnerability assessment, analysis, and mitigation; analyzing security system logs, security tools, and data; network monitoring, and intrusion detection using host-based and network-based intrusion detection systems (IDS) and log management applications; testing, installing, patching, and upgrading computer hardware and operating systems (Windows, and UNIX) in an enterprise environment; identifying, collecting, processing, documenting, reporting, cyber security/incident response events; architecting, engineering, developing and implementing cyber security/incident response policies and procedures; engineering, testing, installing, patching, and upgrading various information security hardware and software applications.

\xc2\xb7 Familiarity with SourceFire, Arcsight, Splunk, NetWitness, Guidance Software, Digital Guardian, SureView, Intelliview, Nessus, and Foundstone.

\xc2\xb7 Penetration testing experience for networks, web applications, and enterprise systems. Experience with Federal cybersecurity standards, industry best practices and guidelines.

Additional Information:

This position most closely aligns with the following Work Roles:

\xc2\xb7 Cyber Defense Incident Responder, Work Role ID 531, (NIST: PR-IR-001)

\xc2\xb7 Cyber Defense Analyst, Work Role ID 511, (NIST: PR-DA-001)

Job Type: Full-time

Salary: $75.00 - $80.00 per hour

Experience level:

• 5 years

Schedule:

• 8 hour shift

Ability to commute/relocate:

• Sterling, VA 20166: Reliably commute or planning to relocate before starting work (Required)

Security clearance:

• Secret (Required)

Work Location: In person

Edit job

Open

View public job page

Innovative Computer Solutions Group, Inc