Incident Response Team Analyst

Washington, DC

Posted: 01/04/2019 Employment Type: Contract to Hire Industry: IT Job Number: 228199

Our client is currently looking for a Mid-Tier Incident Response Team Analyst whose secondary duties are to serve as an Assistant Team Lead on a Security Operations team, on a contract with a federal government client with an important mission.
Duties and Responsibilities

• Support/assist the client with real-time monitoring and triage of incidents received at the operations center

• Work collectively with other team members on incident analysis and response, and coordinate with external teams on resolution of incidents

• Support efforts on threat hunting; network, host, and malware analysis; sensor tuning; and custom signature creation (e.g., YARA, Snort)

• Support the application of cyber intelligence to improve security operations

• Investigate networks and hosts/endpoints for malicious activity, including analysis of packet captures

• Assist in efforts to detect, confirm, contain, remediate, and recover from attacks

• Prepare executive summaries and conduct briefings on significant investigations

• Measure and manage individual and team performance

• Ensure adequate metrics and documentation of team operations for leadership and other constituents

Job Requirements and Qualifications

• BS/BA degree from an accredited university

Experience

• Five or more years of work experience directly aligned to the duties, responsibilities, and essential functions of this role

• Three or more years of cyber security work experience

• Prior leadership experience with direct reports in a cyber environment

• Experience and effective participation in hunt, computer network defense, real-time analysis, and incident response activities, including the ability to reconstruct events from network, endpoint, and log data

• Experience and understanding of host-based/endpoint protection systems

• Cyber intelligence, disk forensics, and memory forensics experience

• Server administration experience

• Enterprise forensic tool(s) experience

• Federal contract experience

Training Requirements

• One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Security+, etc.)

Specialized Knowledge/Skills Requirements

• High technical ability/aptitude, demonstrated through prior technical experience and accomplishment

• Network investigation experience, including netflow and packet/protocol capture and analysis (e.g., Security Analytics, Wireshark, Network Monitor)

• Endpoint/host forensics experience

• SIEM experience (e.g., Splunk)

• Strong critical thinking, problem-solving, and organizational skills

• Strong teamwork and collaboration skills

• Good written and verbal communication skills

• Cyber intelligence experience

• Disk forensics experience

• Memory forensics experience (e.g., Volatility, Rekall)

• Programming experience

• Scripting experience (e.g., Python)

• Server administration experience

• Enterprise forensic tool(s) experience (e.g., EnCase, FTK)

• Sound cyber security knowledge foundation, including an understanding of:
  • Adversary TTPs
  • Network technology and common protocols
  • Network security
  • Host security
  • Malware analysis (both static and dynamic)
  • Security tools and sensors

• Ability to pass a security clearance background investigation