Cyber Incident Analyst Responder with Security Clearance

Company: Federal Data Systems Inc
Location: Arlington
Posted on: January 12, 2021

Job Description:

?Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes. ? Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise. ? Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security. ? Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis. ? Track and document CND hunts and incidents from initial detection through final resolution. ? Identify intrusion artifacts at the host and network level, have a strong understanding how discovered data can be used to enable CND hunts and incident mitigation within the enterprise ? Perform forensically sound collection of host based images with ability to perform memory and disk forensics. ? Perform real-time enterprise CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs). ? Write technical reports on incident findings (e.g. engagement reports) and provide CND guidance to appropriate constituencies. ? Monitor and analyze network alerts from sources within the enterprise to determine potential compromise. ? Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities. ? Correlate multiple data sources to identify potential network exploitation and make recommendations that enable expeditious remediation ? Will be required to travel up to 30% of time, with duration's up to two weeks. Basic Qualifications - To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below. This requisition may be filled at a higher grade based on qualifications listed below. This requisition may be filled at either a level 3 or 4. ? Bachelor's Degree in Information Technology (IT) or other related technical field and a minimum of 5 years' experience required for the level 3 role. ? Bachelor's Degree in Information Technology (IT) or other related technical field and a minimum of 9 years' experience required for the level 4 role. ? Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment. ? Familiar with network analytics including PCAP analysis. ? Understanding of cyber forensics concepts including malware, hunt, etc. ? Understanding of how both Windows and Linux systems are compromised. ? Understanding of Network-based protocols Preferred Qualifications - Candidates with these desired skills will be given preferential consideration: ? Current active DHS SCI and EOD. ? Experience using Splunk for system data analytics and monitoring strongly preferred. ? Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred. ? A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Keywords: Federal Data Systems Inc, Arlington , Cyber Incident Analyst Responder with Security Clearance, Professions , Arlington, Virginia