Incident Response Lead

Washington, DC
Jan 12, 2017
May 06, 2017
Full Time
Threat Intelligence Lead for Security Operations Center. Support the ongoing identification, research, analysis, and documentation of security trends within the customer's department, across the Federal government, and within the financial services sector.
Lead the development of and provide the operational support for the OCC's cyber threat intelligence capabilities.


Provides technical advice and guidance on installation, adaptation, configuration and/or enhancement of company technical products, programs and systems.

Recommend mitigations for risks and appropriate courses of action. Report findings in the OCC incident management system.
Use the OCC's current threat intelligence resources and approved open sources tools to collect information about threats and propose new tools and information sources as appropriate.
Conduct internal network detection activities, examining the OCC assets for malware, advanced persistent threats (APTs), hidden anomalies, and other indicators of compromise. Propose additional detection tools as appropriate. Document detailed findings from hunt activities including timelines, network/route paths, and lateral movements and associated risks if applicable.
Work with the OCC to establish a baseline that reveals the current state of cybersecurity on the OCC's enterprise network.
Examine the network, with a focus on the last two phases of the kill chain (i.e., "command and control" and "act on objectives") for all anomalous activity and provide a holistic view of the risks and vulnerabilities within the OCC's environment.

Serves as company liaison with customer on administrative and technical matters for assigned projects. Schedules work to meet completion dates and technical specifications.

Provides guidance and work leadership to less-experienced engineers and technicians, and may have supervisory responsibilities.

May serve as technical team or task lead.

Maintains current knowledge of relevant technologies as assigned.

Participates in special projects as required.

Education:
Bachelor's of Science in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area.


Any of the following SANS certifications: GCIH, GPEN, GWAPT, GXPN, GCFE, GCFA, GREM
Certified Ethical Hacker (CEH)
Licensed Penetration Tester (LPT)
Certified Information Systems Security Professional (CISSP)

Qualifications:
Minimum of 6-10 years of experience as a subject matter expert/lead analyst regarding cyber threat intelligence.

Expert knowledge of policies, procedures, and protocols of a government Security Operations Center with emphasis on threat intelligence activities.

Significant experience using numerous security tools and technologies to include some of the following and/or closely comparable security technologies: McAfee IDS/IPS, Imperva web application firewalls, McAfee Enterprise Antivirus, BlueCoat, Symantec DLP, Mandiant/Fireeye, Guardian MDB Protect, Cisco firewalls, QualysGuard, AppScan

Preferred Qualifications:
Experience at the U.S. Department of Treasury
Previous threat intelligence experience at a federal agency similar in size, scope, and complexity.

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.