Cyber Security Incident Response Analyst

Bethesda, VA
Jun 12, 2017
Oct 19, 2017
Full Time

AboutWeb is currently looking for a Cyber Security Incident Response Analyst to join a cyber security operations team on a contract with a federal government client with an important mission. This role will afford an opportunity to work with a great team while serving a fulfilling mission.

  • Monitor, triage, and prioritize events, alerts and tips for further investigation
  • Investigate events, alerts and tips to determine if an incident has occurred
  • Investigate network traffic for potential security incidents using
    • Sensor data
    • Packet captures (occasional)
  • Coordinate the response for confirmed security incidents, to include efforts to contain, remediate, recover, and prevent
  • Escalate to Enterprise Network Defense Analysts for more complex, deep, or lengthy investigations
  • Maintain situational awareness and keep current with cyber security news and threat actor Tactics, Techniques, and Procedures (TTPs)
  • Document investigations using tickets, incident reports, etc.
  • Support the production of effective situational awareness products with relevant metrics and visualizations for key constituents and leadership

Qualifications / Requirements:
  • Credentials
    • Three or more years of work experience with at least one of those specialized in cyber security
    • BA or BS degree (additional years of experience in cyber security reduce this educational requirement)
  • Sound cyber security knowledge foundation, to include understanding of
    • Computer and network technology fundamentals
    • Network security
    • Host security
    • Security tools and technologies
  • Experience, Skills and Abilities
    • High technical ability/aptitude, demonstrated through prior technical experience and accomplishment
    • Critical thinking skills
    • Analytic skills and experience
    • Strong teamwork and collaboration skills
    • Good written and verbal communication skills
    • Ability to pass a security clearance background investigation
    • Ability to work independently
    • Ability to work on occasional weekends and holidays

Preferred Qualifications:
  • One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc.)
  • Experience in a cyber security operational environment
  • Security clearance
  • Knowledge and experience using an incident response framework
  • Experience with SIEM tools
  • Programming or scripting experience
  • Server and/or application administration experience
