Job Requirements
Remote
Top Secret Polygraph not specified
Mid Level Career (5+ yrs experience)
Salary not specified
Join Premium to unlock estimated salaries
Job Description
We are hiring a Cyber Defense Incident Responder to work on our contract with DCSA in Quantico, VA AND Hanover, MD
2/3 Days onsite every week required.
Tasks includes: Log reports, forensics investigations, incident reports, trend reports on classified data spills. Log reports are conducted daily, covering the Security Information and Event Manager (SEIM, Host Based Security System (HBSS), and vulnerability scanners. Log reports are produced daily covering 30-plus activities that are used to depict current network security and any anomalous activity. Review logs to include but not limited to servers, firewalls, web proxy, and infrastructure devices.
Location: Quantico, VA Now 60% Remote POST COVID 50% Remote
Must possess an active Top Secret security clearance with the ability to obtain and read on SCI
• Identify violations of internet access by reviewing web content filtering logs in accordance with DCSA policy, DoD policy, and CND SOP.
• Identify and report incidents that involve email to include but not limited to phishing, malware, and spillage.
• Develop and maintain SOPs for security monitoring.
• Provide daily reports on key indicators of network security as provided by DSS net defender SOP.
• Generate reports showing specific types of incidents.
• Create SOPs and guides for response to specific categories and types of incidents.
• Perform trend analysis of incidents to identify potential problem areas.
• Make recommendations for systemic, policy or procedural changes in order to mitigate specific risks.
• Execute Incident Response Plan as required.
• Support security incident reporting on all network computer security incidents and spillages.
• Analyze Endpoint Security Solutions (ESS) log data to determine potential threats.
• Analyze ESS log data to determine rogue systems.
• Analyze ESS logs to determine infected systems.
• Analyze ESS logs to identify systems that had unauthorized USBs connected to them.
• Analyze ESS logs to determine unauthorized system changes.
• Develop and maintain SOP for ESS Continuous Monitoring.
• Develop and maintain a forensic SOP for conducting forensic investigations in accordance with DoD and DCSA directives and legal requirements
• Conduct Forensic investigations with EnCase Forensic (or similar) tool using all legal and DCSA Control Steps.
• Acquire and preserve a forensic image of data from system hard disk drives, and volatile memory to include but not limited to documents, images, email, webmail, Internet artifacts, web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, system files, executables, scripts, on workstations, laptops, servers, VDIs, external mass storage, and smartphones and tablets.
• Create a forensic exact binary duplicate of the original system or media utilizing EnCase Forensic (or similar) tool.
• Daily, review or user activity discovered by CND network monitoring tools.
• Analyze user activity data from CND tools to determine which indicators or triggers can be applied.
• Determine thresholds for user activity that would require referral to DSS Insider Threat Working Group.
• Analyze user activity data from CND tools to determine if thresholds for user activity have been met for that would require further investigation.
• Make recommendations for systemic, policy or procedural changes in order to mitigate vulnerabilities found.
Required
• Must meet DoD 8570.01-M IAT Level II Certification and be able to perform as an CSSP-IR.
• Associate’s Degree in Information Technology, Information Systems Management, Cyber Security, or equivalent experience.
• At least 3 years hands-on technical cybersecurity experience and knowledge with Computer Network Defense concepts, DISA Security Technical Implementation Guides, DoD A&A Process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD cybersecurity and Computer Network Defense policies.
Preferred
• Certified CSSP-IR Level to include one of the following certifications: CEH, CFR, CCNA Cyber Ops, CCNA Security, CHFI, CySA+, GCFA, GCIH, SCYBER, Pen+
2/3 Days onsite every week required.
Tasks includes: Log reports, forensics investigations, incident reports, trend reports on classified data spills. Log reports are conducted daily, covering the Security Information and Event Manager (SEIM, Host Based Security System (HBSS), and vulnerability scanners. Log reports are produced daily covering 30-plus activities that are used to depict current network security and any anomalous activity. Review logs to include but not limited to servers, firewalls, web proxy, and infrastructure devices.
Location: Quantico, VA Now 60% Remote POST COVID 50% Remote
Must possess an active Top Secret security clearance with the ability to obtain and read on SCI
• Identify violations of internet access by reviewing web content filtering logs in accordance with DCSA policy, DoD policy, and CND SOP.
• Identify and report incidents that involve email to include but not limited to phishing, malware, and spillage.
• Develop and maintain SOPs for security monitoring.
• Provide daily reports on key indicators of network security as provided by DSS net defender SOP.
• Generate reports showing specific types of incidents.
• Create SOPs and guides for response to specific categories and types of incidents.
• Perform trend analysis of incidents to identify potential problem areas.
• Make recommendations for systemic, policy or procedural changes in order to mitigate specific risks.
• Execute Incident Response Plan as required.
• Support security incident reporting on all network computer security incidents and spillages.
• Analyze Endpoint Security Solutions (ESS) log data to determine potential threats.
• Analyze ESS log data to determine rogue systems.
• Analyze ESS logs to determine infected systems.
• Analyze ESS logs to identify systems that had unauthorized USBs connected to them.
• Analyze ESS logs to determine unauthorized system changes.
• Develop and maintain SOP for ESS Continuous Monitoring.
• Develop and maintain a forensic SOP for conducting forensic investigations in accordance with DoD and DCSA directives and legal requirements
• Conduct Forensic investigations with EnCase Forensic (or similar) tool using all legal and DCSA Control Steps.
• Acquire and preserve a forensic image of data from system hard disk drives, and volatile memory to include but not limited to documents, images, email, webmail, Internet artifacts, web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, system files, executables, scripts, on workstations, laptops, servers, VDIs, external mass storage, and smartphones and tablets.
• Create a forensic exact binary duplicate of the original system or media utilizing EnCase Forensic (or similar) tool.
• Daily, review or user activity discovered by CND network monitoring tools.
• Analyze user activity data from CND tools to determine which indicators or triggers can be applied.
• Determine thresholds for user activity that would require referral to DSS Insider Threat Working Group.
• Analyze user activity data from CND tools to determine if thresholds for user activity have been met for that would require further investigation.
• Make recommendations for systemic, policy or procedural changes in order to mitigate vulnerabilities found.
Required
• Must meet DoD 8570.01-M IAT Level II Certification and be able to perform as an CSSP-IR.
• Associate’s Degree in Information Technology, Information Systems Management, Cyber Security, or equivalent experience.
• At least 3 years hands-on technical cybersecurity experience and knowledge with Computer Network Defense concepts, DISA Security Technical Implementation Guides, DoD A&A Process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD cybersecurity and Computer Network Defense policies.
Preferred
• Certified CSSP-IR Level to include one of the following certifications: CEH, CFR, CCNA Cyber Ops, CCNA Security, CHFI, CySA+, GCFA, GCIH, SCYBER, Pen+
group id: 10191027