Cyber Incident Response Analyst

CACI International
Onsite

About The Position

Our client is seeking a highly motivated Cyber Incident Response Analyst with a strong system administration background to join the Cyber Security Incident Response Team on the DCGS Management Center (DMC) program located at Langley AFB. The ideal candidate will be adept in both Windows and Linux environments, possess hands-on experience with ELK/Elastic Stack for threat detection and analysis, and demonstrate the ability to follow the established Incident Response (IR) process with minimal supervision. The successful candidate will perform the following responsibilities onsite (shift work):

Requirements

  • Top Secret/SCI security clearance
  • Bachelor’s degree in IT Technology, Computer Science, or related field; degree may be substituted with additional years of experience
  • Minimum 5 years of related experience
  • DOD 8140 (8570) IAT Level II (Security+ or equivalent)
  • Strong system administration skills across Windows and Linux platforms
  • In-depth understanding of the Incident Response lifecycle
  • Proficiency in using the Elastic Stack (Elasticsearch, Logstash, Kibana)
  • Familiarity with enterprise security tools and procedures
  • Strong problem-solving and analytical skills
  • Comfortable working with limited supervision in a shift-work setting
  • Availability to work weekends and holidays as part of our 24/7 operations

Nice To Haves

  • AF DCGS experience
  • Four to seven years of intelligence network communications or Systems Administration experience
  • Knowledge of security best practices and standards, including NIST, ISO, and SOC operations
  • Experience with AWS and/or other cloud security platforms
  • Background as an ISSO, including STIG/SCAP and vulnerability management
  • Familiarity with tools such as Tanium, Trellix, and ACAS
  • Understanding of network architecture and traffic analysis
  • Basic scripting skills (Python, PowerShell, Bash)
  • Elastic certification or SME-level expertise
  • Effective written and verbal communication skills for documentation and collaboration

Responsibilities

  • Lead and assist in incident response investigations through all phases (detection, containment, eradication, recovery, lessons learned) to ensure the confidentiality, integrity, and availability of the OA DCGS weapon system
  • Utilize ELK/Elastic Stack to perform log analysis, threat detection, and investigations; create and maintain security incident reports and dashboards
  • Escalate and document internal/external security incidents through appropriate ticketing and reporting processes
  • Design, implement, and maintain cybersecurity SOPs and incident playbooks
  • Maintain documentation of IR processes and case notes; ensure security testing and evaluations are completed and properly documented
  • Support proactive threat hunting and vulnerability assessments
  • Analyze and correlate logs from varied data sources to identify patterns and anomalies
  • Understand network protocols and establish baselines to identify abnormal activity
  • Perform cyber threat analysis and reporting on information from both internal and external sources, and apply gathered cyber threat intelligence to defending the enterprise network
  • Apply knowledge of Zero-Day vulnerabilities and CVEs to incident handling and remediation
  • Collaborate with cross-functional teams and external stakeholders as needed
  • Provide guidance for securing information systems and support cyber vulnerability penetration assessments
  • Operate independently during shifts and respond to security alerts with urgency

Benefits

  • A culture of integrity
  • An environment of trust
  • A focus on continuous growth
  • Flexible time off benefits
  • Robust learning resources
  • Healthcare
  • Wellness
  • Financial
  • Retirement
  • Family support
  • Continuing education