Cybersecurity Incident Handler

Arlington, Virginia, United States
May 26, 2018
Jun 06, 2018
Full Time
Job Number: R0012904

Key Role:
Provide tactical to strategic level intelligence analysis of Cyber threats, vectors, and actors in support of Cyber defense and computer network operations under limited supervision. Consult on the uses of forensics, network vulnerability, and malware analysis to conduct both technical analysis of Cyber threats and events and all-source analysis of Cyber threats and their vectors and capabilities. Apply knowledge of both open source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious Cyber activity and provide situational awareness of local, regional, and international Cyber threats, including attribution analysis of Cyber organizations, programs, capabilities, motivations, and intent to conduct Cyberspace operations. 

Basic Qualifications:
-5+ years of experience with incident management or Cybersecurity
-Knowledge of incident response and handling methodologies and how to use the NCCIC National Cyber Incident Scoring System to prioritize incident triage 
-Knowledge of general attack stages
-Ability to correlate incident data to identify specific trends in reported incidents and recommend Defense in Depth principles and practices, including Defense in Multiple Places, layered defenses, and security robustness
-Ability to perform Computer Network Defense incident triage, including determining scope, urgency, and potential impact
-Ability to identify specific vulnerabilities, make recommendations that enable expeditious remediation, and report discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise
-Ability to apply expertise in the tactics, techniques, and procedures of various threats to identify and validate threats
-Ability to apply Cybersecurity concepts to the detection and defense of intrusions into small- and large-scale IT networks
-Top Secret clearance
-HS diploma or GED

Additional Qualifications:
-Experience with receiving and analyzing network alerts from various sources within the enterprise and determining the possible causes of such alerts
-Knowledge of basic system administration and operating system hardening techniques
-Knowledge of Computer Network Defense policies, procedures, and regulations
-Knowledge of different operational threat environments 
-Knowledge of system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, and malicious code
-Ability to monitor external data sources, including Computer Network Defense vendor sites, Computer Emergency Response Teams, SANS, and Security Focus to maintain currency of Computer Network Defense threat conditions and determine which security issues may have an impact on the enterprise
-Ability to identify the root cause of an incident and recognize the key elements to ask for when engaging with the customer to get the root cause of an incident
-Ability to track and document Computer Network Defense incidents from initial detection to final resolution
-DHS Suitability clearance
-Security certifications, including SANS GIAC, CISSP, CISM, CEH, or Security+

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We're an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status, to fearlessly drive change.
