Incident Responder (Secret Clearance Required, Onsite)

About The Position

Requirements

• A minimum of a bachelor's degree.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
• Active Secret Clearance required
• Ability to work onsite in Herndon, VA.
• 3+ years of experience within the following: Working as a network security analyst in a security operations center and/or in handling, responding, and managing computer security incidents
• Ability to analyze information technology security events and distinguish legitimate security incidents from non-incidents. This includes identifying malicious code or activities within computer systems and enterprise networks.
• Must have working knowledge of various operating systems (e.g., Windows, OS X, Linux) commonly deployed in enterprise environments. A conceptual understanding of Windows Active Directory is also required.
• Must possess working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
• Must have experience with event logging systems and be proficient in analyzing security event logs.
• Previous experience with SIEM platforms that perform log collection, analysis, correlation, and alerting is required.
• Must be proficient in utilizing various Packet Capture (PCAP) applications/engines and in analyzing PCAP data.
• Must have experience in identifying and implementing countermeasures or mitigating controls for deployment in enterprise network environments.

Responsibilities

• Lead and execute all phases of the incident response lifecycle, including planning, identification, containment, eradication, recovery, and follow-up in alignment with client security requirements.
• Analyze and triage security events and alerts from event logging systems, SIEM platforms, and PCAP data to accurately distinguish true security incidents from non-incidents and identify indicators of malicious activity or code.
• Coordinate containment and eradication efforts by developing and implementing countermeasures across enterprise environments to limit impact and support rapid recovery.
• Prepare clear, detailed incident reports and briefings that document findings, response actions, lessons learned, and recommendations for prevention and remediation.
• Collaborate effectively with internal SOC teams and external stakeholders.