Incident Response Expert III

About The Position

Requirements

• U.S. Citizenship
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability
• 5+ years of directly relevant experience in expertise
• Must be able to travel domestically on short notice
• Strong understanding of network architecture/security
• Experience performing cyber incident response
• Ability to think independently
• Demonstrates superior written and oral communication skills
• Must be able to work collaboratively across physical locations
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
• Proficiency with common operating systems (e.g. Linux/Unix, Windows)

Nice To Haves

• Experience leading and mentoring technical teams
• Knowledge of Computer Network Defense policies, procedures and regulations
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)
• Network and System administration experience
• Strong understanding of adversarial tactics/techniques/procedures (TTPs)
• Experience with Identity and Access Management (IAM) tools
• Ability to review and analyze Enterprise Architecture (EA) from a security perspective
• Understanding of cyber defense-in-depth principles
• Hands-on skill in host/network intrusion detection
• Ability to perform event correlation
• Experience with malicious activity analysis
• Ability to collaborate with stakeholders at multiple levels within an organization

Responsibilities

• Serves as hunt and incident response subject matter expert (SME), applying in-depth knowledge of threat actor (TA) tools, techniques, and procedures (TTPs)
• Distills analytic findings into executive summaries and in-depth technical report
• Provide expert support, analysis, and research with only broad direction into exceptionally complex problems and processes relating to the subject matter as it relates to hunt and incident response activities
• Serves as technical expert on high-level incident response teams providing technical direction, interpretation, and alternatives
• Exercises considerable latitude in determining technical objectives of an assignment or task at hand
• Independently develops technical solutions to complex problems that require the regular use of ingenuity and creativity
• Analyzes incident data and victim environments to recommend targeted mitigations
• Advise technical personnel on countermeasure implementation and customization
• Supports internal stakeholders on containment and eradication missions
• Documents analysis in a standardized knowledgebase for sharing and publication
• Assists in maintaining branch process and procedure documentation
• Guides to the completion of hunt and incident response activities