Incident /Cyber Response Analyst TS/SCI preferred
Falls Church, VA
Job Description

Do you desire a patriotic role and the chance to defend our nation's cyber infrastructure? Do you enjoy learning about new technologies and how they can be used to provide cutting edge services to our customers? If so, then look to join the Focused Cyber team.

Give us the chance to make you a good offer!

Incident Response personnel investigate and analyze all response activities related to cyber incidents within the Network. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event. These personnel might also be known as incident handlers, computer forensic technicians, and malware analysts or reverse engineers.


Current active DHS SCI and EOD Preferred!


Specific Job Duties:

Provide 24x7x365 Tier 1 intrusion detection and response. Specific activities include but are not limited to the following:

  • Perform network monitoring 24x7x365 for the Department's networks using applications such as ArcSight, Splunk, Sourcefire, Carbon Black, FireEye, packet analysis tools, etc.
  • Perform analysis of alerts and alarms
  • Mitigate alerts and events
  • Escalate unexplained, anomalous activity to Tier 2 and Tier 3 analysts for further investigation
  • Issue warnings and alerts for new possible unauthorized access to Department networks and systems, and enter security events in the Department's tracking system.
  • Contribute input to the Daily reports
  • Provide monthly project status report as part of the Task Status Report
  • Report on quality performance measures quarterly as part of the overall Program performance measures review
  • Coordinate internal and external threat sources and analysis for impact on Department assets

Position Description:

  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
  • Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro when performing cyber incident response analysis.
  • Track and document CND hunts and incidents from initial detection through final resolution.
  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.
  • Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).
  • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Utilize data analytics tools, including Splunk, to make sense of machine data when performing responsibilities.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • May be required to travel up to 25% of time.

Basic Qualifications - To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below.

  • Bachelor's Degree in Information Technology (IT) or other related technical field and a minimum of 2 years' experience required for the level 2 role.
  • Bachelor's Degree in Information Technology (IT) or other related technical field and a minimum of 5 years' experience required for the level 3 role.
  • Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
  • Familiar with network analytics including Netflow/PCAP analysis.
  • Understanding of cyber forensics concepts including malware, hunt, etc.
  • Understanding of how both Windows and Linux systems are compromised.

Preferred Qualifications - Candidates with these desired skills will be given preferential consideration:

  • Current active DHS SCI and EOD.
  • Experience using Splunk for system data analytics and monitoring strongly preferred.
  • Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
  • A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Focused Cyber is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.

  • U.S. Citizenship is required for most positions.

If you are a recent college graduate or are trying to enter the Cyber or IT fields and do not qualify for a position as described above, please send an email to Training@FocusedCyber.com and ask for details. We offer very low cost training programs that may give you a career in an IT or Cyber field. It's a unique program where you can learn for an extremely low cost, about $1.75 per day, have access to hundreds of IT, Cyber and related classes, AND gain valuable time as an Intern, IT consultant or student under instruction attached to one of our companies. This is time that you can put as experience on your resume while receiving our training. It's month to month, so stop anytime you want. This is unique in the industry and can benefit you greatly, especially if you are relatively new or junior in this career field.

Job Type Full-time