Today
Top Secret
Mid Level Career (5+ yrs experience)
No Traveling
IT - Security
Ft Belvoir, VA•Battle Creek, MI•Columbus, OH
Cyber Incident Response & Threat Detection Analyst
Location: Ft. Belvoir, VA, Battle Creek, MI, or Columbus, OH
Clearance: DOD Top Secret Clearance and be eligible for an IT-I Critical Sensitive security
clearance or Tier 5 (T5)
Overview:
Participates in 24x7x365 monitoring of SIEM and other cybersecurity monitoring tools to detect and respond to cybersecurity threats within the Enterprise Network Environment. Performs actions to protect, monitor, detect, analyze, and respond to unauthorized activity. Employs Cybersecurity capabilities and deliberate actions to respond to specific alerts or emerging threats. Reviews logged events for trends that are indicative of attack or compromise within the environment. Actively monitors logs and traffic for Advanced Persistent Threats (APT) and "low and slow" attacks within the environment. Maintains awareness of possible threats with the use of intelligence resources which include Open-Source Intelligence (OSINT). Provides technical analysis and sustainment support for the enterprise for Cybersecurity tools and applications and assists with the application of Defense-In-Depth signatures and perimeter defense controls to diminish network threats.
Key Responsibilities:
• Perform real-time and historical analysis of data derived from system for traces of
malware and compromise.
• Correlate data from multiple sources to include host & network-based IDS & IPS,
available packet capture data, data pulled by forensics tools, government & open-source
intelligence, and data from custom tools.
• Assess suspected or confirmed cyber incidents and take immediate action to prevent the
spread of the activity and restore affected systems and data.
• Monitor and enforce incident handling/response and overall cybersecurity practices and
procedures.
• Develop countermeasures such as custom SIEM and IDS rules/signatures and strengthen
the organization’s ability to prevent and detect attacks against assets and data.
• Perform Incident Handling tasks (e.g., triage, response activities, documentation,
reporting, lessons learned, etc.)
Minimum Requirements:
• Bachelor’s degree in Cyber Security, Information Technology, or a related field, or
Five (5) years of relevant experience
• Two (2) years performing root cause analysis of cybersecurity events and incidents.
• Working knowledge of at least two types of security tools: Firewall, IDS/IPS, Host based
antivirus, Data loss prevention, Vulnerability Management, Forensics, Malware Analysis,
Device Hardening, Understanding of Defense-in-Depth, Ability to build scripts and tools
to enhance threat detection and incident response capabilities (Preferably in SPL, Python,
PowerShell)
• Must possess DOD Top Secret Clearance and be eligible for an IT-I Critical Sensitive
security clearance or Tier 5 (T5)
• Must have Baseline Certification for IAT-II and CNDSP/CSSP-IR
MANDEX, Inc. is an Equal Employment Opportunity employer and does not discriminate on the basis of race, national origin, gender, sexual orientation, disability, veterans’ status, age, or other legally protected status.
MANDEX, Inc. reserves the right to perform background screening and drug testing prior to extending offers of employment.
MANDEX attracts and retains smart and motivated professionals in the government contracting industry. We offer competitive salaries and excellent benefits packages, including a matched 401(k) plan.