Cybersecurity Incident Handler

Arlington, Virginia, United States
May 26, 2018
Jun 07, 2018
Full Time
Job Number: R0012905

Cybersecurity Incident Handler

Key Role:

Apply knowledge of tactical to strategic level intelligence analysis of Cyber threats, vectors, and actors in support of Cyber defense and computer network operations. Advise on the use of forensics, network vulnerability, and malware analysis to conduct both technical analysis of Cyber threats and events and all-source analysis of Cyber threats, their vectors, and capabilities. Use both open source data and classified reporting to analyze and document the political, economic, social, and behavioral aspects of malicious Cyber activity and provide situational awareness of local, regional, and international Cyber threats, including attribution analysis of Cyber organizations, programs, capabilities, motivations, and intent to conduct Cyberspace operations. Provide work leadership for lower level employees.

Basic Qualifications:

- 10+ years of experience with incident management or Cybersecurity

- Experience in recognizing and categorizing types of vulnerabilities and associated attacks

- Knowledge of incident response and handling methodologies and the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incidents

- Knowledge of general attack stages, including footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks

- Ability to correlate incident data to identify specific trends in reported incidents and recommend Defense in Depth principles and practices, including defense in multiple places, layered defenses, and security robustness

- Ability to perform computer network defense incident triage, including determining scope, urgency, and potential impact

- Ability to identify the specific vulnerability and make recommendations that enable expeditious remediation

- Ability to perform discovered data to enable mitigation of potential computer network defense incidents within the enterprise actors to identify and validate threats

- Top Secret clearance

- HS diploma or GED

Additional Qualifications:

- Experience with receiving and analyzing network alerts from various sources within the enterprise and determining possible causes of such alerts

- Knowledge of basic system administration and operating system hardening techniques

- Knowledge of computer network defense policies, procedures, and regulations

- Knowledge of different operational threat environments, including first generation script kiddies, second generation non-nation state sponsored, and third generation nation state sponsored

- Knowledge of system and application security threats and vulnerabilities, including buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code

- Ability to monitor external data sources, including computer network defense vendor sites, computer emergency response teams, SANS, and SecurityFocus, to maintain currency of computer network defense threat condition and determine which security issues may have an impact on the enterprise

- Ability to identify the root cause of an incident and recognize the key elements to ask for when engaging with the client to get to the root cause of an incident

- Ability to track and document computer network defense incidents from initial detection through final resolution

- DHS Suitability clearance preferred

- SANS GIAC Certifications, including CISSP, CISM, CEH, and Security+


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
