Cyber Incident Response Team Lead

TekSynap•Ashburn, VA

13d•Onsite

About The Position

We are seeking an experienced Cyber Incident Response Team Lead in support of a government customer to join our team to provide Security Operations Support (SOC) Services to a government agency whose mission is to protect our Nation’s borders from terrorist attacks, to provide law enforcement for over forty (40) Federal agencies, and to protect the revenue of the United States while facilitating trade. The SOC is a single point of management and reporting for information security incidents. The SOC exists to prevent, identify, contain, and eradicate cyber threats to networks through monitoring, intrusion detection, and protective security services to information systems, including local area networks / wide area networks (LAN / WAN), commercial Internet connection, public facing websites, wireless, mobile / cellular, cloud, security devices, servers, and workstations. The SOC is responsible for the overall security of Enterprise-wide information systems and collects, investigates, and reports any suspected and confirmed security violations. TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers. We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays. Visit us at www.TekSynap.com . Apply now to explore jobs with us! The safety and health of our employees is of the utmost importance. Employees are required to comply with any contractually mandated Federal COVID-19 requirements. More information can be found here . "As part of the application process, you agree that TekSynap Corporation may retain and use your name, e-mail, and contact information for purposes related to employment consideration" .

Requirements

Clearance requirement: Top Secret (SCI eligible)
Experience: Five (5) years of progressively responsible experience in cyber security, information security, security engineering, network engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, or data management.
Education: Bachelor’s of Science in computer engineering, computer science, IT or cyber security (or 8 years of relevant work experience in lieu of a degree)
Certifications: Certified Information System Security Professional (CISSP)
And have one or more of the following certifications: SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Certified Incident Handler (GCIH); SANS GIAC Certified Forensic Analyst (GCFA); SANS GIAC Certified Enterprise Defender (GCED) or other Information Assurance Technician (IAT) Level III certification in accordance with DoD Directive 8570.1.

Nice To Haves

Experience with cloud- based security technologies, architecture, and computing and searching, monitoring, and analyzing machine-generated big data is preferred.

Responsibilities

Make security content (e.g., SIEM, EDR, IDS) recommendations to include new signatures, signature modifications, signature removals, and incorporate Indicators of Compromise (IOCs) from internal and external sources to improve security posture and mitigate cyber threats.
Assist with advanced analysis of data file system artifacts, memory, and advanced Network and Log analysis during incidents to detect, investigate, scope, and contain compromises on Windows, Linux, Mac, and / or Cloud Environments such as AWS, Azure, and others.
Provide support of computer-related cybersecurity incidents and cybersecurity reporting.
Assist with conducting risk assessment analysis.
Provide support to the investigation leads during investigations while also managing the lifecycle of all SOC investigations from creation to closure supporting misuse and information spillage as necessary.
Exhibit proficient use of cyber tools, including but not limited to Security Information and Event Management (SIEM) endpoint detection and response tools Intrusion Prevention / Detections Systems (IPS / IDS) and case management platforms.
Collaborate with government analysts to provide post-incident recommendations for improving security posture based upon the results of an investigation.
Support and manage Information / Data Spillage Incident Response efforts and provide recommendations on handling and sanitization methods pursuant to industry best practices, NIST 800-88 recommendations, and Federal guidelines.
Assist with development and updates of SOPs, in accordance with applicable Federal policies, regulations, directives, and standards
Make security content (e.g., SIEM, EDR, IDS) recommendations to include new signatures, signature modifications, signature removals, and incorporate Indicators of Compromise (IOCs) from internal and external sources to improve security posture and mitigate cyber threats.