Cybersecurity Incident Handler

Arlington, Virginia, United States
May 26, 2018
Jun 06, 2018
Full Time
Job Description

Job Number: R0012903

Cybersecurity Incident Handler

Key Role:

Provide tactical to strategic level intelligence analysis of Cyber threats, vectors, and actors in support of Cyber defense and computer network operations. Consult on the use of forensics, network vulnerability, and malware analysis to conduct both technical analysis of Cyber threats and events and all-source analysis of Cyber threats, their vectors, and capabilities. Apply knowledge of both open source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious Cyber activity and provide situational awareness of local, regional, and international Cyber threats, including attribution analysis of Cyber organizations, programs, capabilities, motivations, and intent to conduct Cyberspace operations.

Basic Qualifications:

- 3+ years of experience with incident management or Cybersecurity

- Experience in recognizing and categorizing types of vulnerabilities and associated attacks

- Knowledge of incident response and handling methodologies

- Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incidents

- Knowledge of general attack stages, including footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks

- Knowledge of computer network defense policies, procedures, and regulations

- Knowledge of different operational threat environments, including first generation script kiddies, second generation non-nation state sponsored, and third generation nation state sponsored

- Ability to act on discovered data to enable mitigation of potential computer network defense incidents within the enterprise

- Top Secret clearance

- HS diploma or GED

Additional Qualifications:

- Experience with receiving and analyzing network alerts from various sources within the enterprise and determining possible causes of such alerts

- Knowledge of system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code

- Ability to monitor external data sources, including computer network defense vendor sites, computer emergency response teams, SANS, and Security Focus to maintain currency of computer network defense threat condition and determine which security issues may have an impact on the enterprise

- Ability to identify the root cause of an incident and recognize the key elements to ask for when engaging with the client to get the root cause of an incident

- Ability to track and document computer network defense incidents from initial detection through final resolution

- DHS Suitability clearance preferred

- SANS GIAC Certifications, including CISSP, CISM, CEH, and Security+


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
