Incident Responder

About The Position

Requirements

• TS/SCI Security Clearance
• BA/BS in Computer Science, Information Technology, Information Assurance, or a related area of study desired. Without a degree, 8+ years of relevant professional experience in those fields is required.
• Must have 5+ years of concentrated experience in CND discipline.
• 3+ years of professional experience in incident triage, incident reporting, incident response and investigation, incident and intrusion trend analysis, interpreting Security Classification Guides and applying classification markings/interpretations, and spillage cleanup coordination.
• Effective interpersonal, organizational, time management, writing/documentation, and briefing skills with strong attention to detail.
• Strong analytical, conceptual, and problem-solving skills.
• Proven ability in communicating effectively and developing/presenting presentations.
• Ability to think outside the box by utilizing IT knowledge and cybersecurity tool output to investigate incidents.
• Proven ability in prioritizing, executing, and completing tasks with little to no direction in a high-pressure environment.
• Moderate experience utilizing Federal, DoD, IC, and industry standards in the creation of "best practices," manuals, and standard operating procedures.
• Moderate experience in the development and implementation of Incident Reporting, Response, and Remediation tactics, techniques, and procedures (TTPs).
• Moderate knowledge of policies and processes related to Computer Network Defense (CND) execution.
• Moderate knowledge of incident management lifecycle processes required for the identification, categorization, eradication, response, recovery, and mitigation of cybersecurity incidents and breaches.
• Moderate knowledge of common enterprise services such as domain controller

Responsibilities

• Incident Management: Manage the full incident lifecycle, including detection, analysis, containment, remediation, and recovery.
• Triage, report, and respond to security incidents in a timely manner.
• Conduct incident and intrusion trend analysis to identify patterns and potential threats.
• Documentation and Reporting: Document incidents clearly and concisely, ensuring all relevant information is captured for future analysis and legal or compliance purposes.
• Prepare and present detailed incident reports and briefings to stakeholders.
• Security Classification and Spillage Cleanup: Interpret Security Classification Guides and apply classification markings/interpretations.
• Coordinate spillage cleanup activities to ensure data integrity and security.
• Threat Intelligence and Best Practices: Utilize threat intelligence to enhance incident response efforts.
• Develop and implement "best practices," manuals, and standard operating procedures based on Federal, DoD, IC, and industry standards.
• Collaboration and Stakeholder Management: Collaborate with technical teams to implement remediation measures to prevent recurrence of incidents.
• Coordinate with stakeholders to provide updates and recommendations for improving security practices based on post-incident analysis.
• Tool Utilization: Utilize incident tracking tools such as ticketing systems and case management platforms.
• Employ cybersecurity tools to investigate instances of alleged employee or external actor wrongdoing.

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits