IRES000004 Junior Cyber Defense Analyst / Incident Responder (J)

About The Position

Requirements

• Must have 3, or more, years of general (full-time) work experience
• Must have 2 years of directly related experience in information security, physical security, or cybersecurity, or a combination thereof
• Must have a current DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CySA+, GICSP, GSEC, Security+ CE, SSCP)
• Must have, or obtain, a DoD 8570.01-M CSSP Analyst and Incident Responder certification (CEH or CySA+ cover both) with 6 months of start date.
• Must have an active DoD Secret Security Clearance
• Have experience with most MS Office applications (Word, Excel, PowerPoint, and Visio).
• Be able to multi-task and prioritize various projects and assignments in a dynamic work environment in order to meet scheduled/unscheduled customer requests.
• Be willing to travel 25% of the time.
• Be willing to work rotating shifts in a 24x7x365 operational environment and respond quickly to emergencies as needed.

Nice To Haves

• Have an Associate's degree (or higher) in Cybersecurity, Computer Science or related field
• Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux)
• Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc.
• Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred)
• Have experience analyzing network and host-based threats (ESS preferred)
• Be able to obtain a DoD Top Secret clearance
• Be familiar with Security Operations Centers (SOC)/DoD
• Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures
• Have an active DoD Top Secret Clearance

Responsibilities

• Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM).
• Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.
• Perform preliminary analysis, identification, and response actions to detect, characterize, and respond to cyber incidents IAW CJCSM 6510.01B.
• Perform event/incident investigations from start to conclusion, to include gathering data, analysis, and reporting.
• Properly document all steps in the incident response process while taking care to preserve and protect incident artifacts, evidence, and chain of custody.
• Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture.
• Support the development, establishment, review and update of DCO procedures, processes, manuals, and other documentation.
• Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and make recommendations for improvements.
• Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines.
• Provide support to internal and external Insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations.

Benefits

• flexible work schedules
• educational reimbursement
• retirement benefits (401K match)
• health benefits
• tax saving options
• disability benefits
• life and accident insurance
• voluntary benefits
• paid time off and paid holidays
• parental leave