user avatar

CSOS Analyst Tier 3

Crimson Phoenix

Yesterday
Top Secret/SCI
Unspecified
Unspecified
Springfield, VA (On-Site/Office)
Job Description

What You Will Be Doing:
  • Coordinating and implementing tasks, performing analysis, and building/documenting response activities required during cyber security incident response, to include but not limited to actions such as implementing containment measures, IP blocks, domain blocks, and disabling user accounts on direction of the Government.
  • Coordinating with Security and Installations Directorate (SI) Office of Counterintelligence (SIC), Insider Threat Office (SIII), in addition to other law enforcement and counter intelligence personnel as required to perform advanced investigation and triage of incidents.
  • Collaborating with appropriate authorities in the production of security incident reports.
  • Categorizing incidents and events.
  • Coordinating with other contracts, organizations, activities, and other services as appropriate to ensure incidents are properly reported, contained, and eradicated.
  • Coordinating with other contracts, organizations, activities, and other services as appropriate to de-conflict blue / red team activity with open incidents/events.
  • Coordinating with other contracts, organizations, activities, and services to ensure NGA recovers from an incident/event.
  • Building timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.
  • Documenting actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.
  • Developing and, when approved by the Government, generating and updating reports in the Joint Incident Management System (JIMS), Incident Case Management System (ICMS), and/or other authorized reporting systems as directed.
  • Developing, maintaining, sustaining, and when properly authorized by the Government executing custom scripts, tools, and capabilities to collect and analyze data and to respond to incidents/events.
  • Performing digital media analysis on host, server, and network data as required to analyze and respond to an incident, to include but not limited to volatile and non-volatile memory and/or system artifact collection and analysis.
  • Developing and identifying indicators of compromise to send to Cybersecurity stakeholders and other Contract Services.
  • Providing adversary attribution.
  • Performing malware analysis and signature development.
  • Coordinating with CSOC Tier 1 and 2 services to remediate all discrepancies and provide recommendations to prevent reoccurrence.
group id: 90901937
R
Recruiter
Find Crimson Phoenix on Social Media
FacebookFacebookother imageOther
Network Employers
user avatar
About Us
Crimson Phoenix provides cutting-edge data-enabled solutions to the Intelligence and Defense Communities, with a focus on artificial intelligence, machine learning, and digital technologies that enhance intelligence analysis to the forefront of innovation. At Crimson Phoenix, we are focused on our people and the mission. As a dedicated provider to our defense and intelligence communities, our mission transcends beyond contracts and deadlines—it’s about making a tangible difference in the world. Join us, and you’re not just joining a company, you’re becoming a vital part of a team committed to excellence, integrity, and a passion for transforming challenges into impactful solutions.
See Crimson Phoenix profile

Crimson Phoenix Jobs

Clearance Level
Top Secret/SCI