Cyber Incident Responder

Booz Allen Hamilton
Arlington, VA
Remote

About The Position

As an analyst on our team, you’ll analyze logs, forensic data, and threat intelligence to find the advanced threats that are escaping detection and respond to active threats in real time. Using your deep understanding of your customer’s networks, combined with your cyber security experience, you’ll analyze patterns to understand attackers’ goals and stop them from succeeding. Once you find the adversary in the SIEM’s blind spot, you’ll advise the customer on ways to close the gaps and harden their network. Let’s outsmart malicious actors and protect critical infrastructure. Join us. The world can’t wait.

Requirements

  • 5+ years of experience in malware analysis, digital forensics, data and network analysis, penetration testing, information assurance, trends analysis, quality control analysis, or vulnerability management
  • Experience applying the NIST incident response life cycle to cybersecurity events
  • Experience with vulnerability analysis, including static code analysis
  • Experience with security monitoring and alert triage
  • Knowledge of system administration, network security concepts, and operating system hardening techniques
  • Knowledge of AWS cloud security services, including Identity and Access Management (IAM), IAM roles, policies, and permission boundaries, CloudTrail, CloudWatch, and common log sources such as VPC Flow Logs, S3 access logs, DNS logs, GuardDuty, Security Hub CSPM, Inspector, and Config
  • Knowledge of AWS cloud computing infrastructure services, including EC2, S3, VPC, Lambda, EKS, RDS, and Route 53
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
  • TS/SCI clearance
  • Bachelor's degree

Nice To Haves

  • Experience identifying, capturing, containing, and reporting malware
  • Experience performing damage assessments and documenting incidents through root cause analysis and after-action reports
  • Experience using security event correlation tools and designing incident response for cloud service models
  • Experience using the AWS command line interface with security-relevant AWS services and log sources
  • Experience with programming or scripting, including Python and Bash
  • Knowledge of preserving evidence integrity according to standard operating procedures or national standards
  • Ability to recognize and categorize types of vulnerabilities and associated attacks
  • Ability to protect a network against malware, including NIPS, anti-malware, restricting and preventing external devices, and spam filters
  • Possession of strong written and verbal communication skills
  • Security+, CISSP, CASP, or GCED Certification

Responsibilities

  • Analyze logs, forensic data, and threat intelligence to find advanced threats.
  • Respond to active threats in real time.
  • Analyze patterns to understand attackers’ goals and stop them from succeeding.
  • Advise the customer on ways to close gaps and harden their network.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program