Senior Incident Responder

CACI International, Suitland, MD

About The Position

CACI is seeking a skilled and experienced Incident Responder (Level 3) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will have a robust background in Computer Network Defense (CND), incident management, and cybersecurity operations. This role requires a proactive individual with significant experience in monitoring, investigating, and responding to cybersecurity alerts, as well as developing and implementing defense tactics, techniques, and procedures (TTPs).

Requirements

  • TS/SCI Security Clearance
  • BA/BS in Computer Science, Information Technology, Information Assurance, or a related field. Master’s degree preferred. Alternatively, 15+ years of relevant professional experience in lieu of a degree.
  • Minimum of 10 years of concentrated experience in CND.
  • 5+ years of professional experience in monitoring and investigating cybersecurity alerts.
  • Significant experience with Federal, DoD, IC, and industry standards.
  • Strong interpersonal, organizational, time management, writing/documentation, and briefing skills.
  • Excellent analytical, conceptual, and problem-solving skills.
  • Proven ability to communicate effectively and develop/present presentations.
  • Experience in developing and implementing CND TTPs.
  • Knowledge of network security architecture, including topology, protocols, and components.
  • Familiarity with common adversary TTPs and enterprise services (domain controllers, print, email, DNS, web servers).
  • Experience with network traffic analysis tools such as Wireshark or NIKSUN.
  • Proficiency in scripting and programming languages (Python, Perl, Ruby, JavaScript, PowerShell, C, C++, Java, Visual Basic .NET, PHP, AJAX).
  • Must possess one of the industry certifications listed under CSSP Incident Responder per the requirements of the DoD Cyber Security Workforce Improvement Program, DoD 8570.01-M.

Responsibilities

  • Monitor and investigate alerts from cybersecurity tools.
  • Respond to and mitigate cybersecurity incidents and breaches following established incident management lifecycle processes.
  • Identify and classify attack vectors, analyze malware, and develop countermeasures.
  • Utilize network traffic packet captures and analysis methodologies.
  • Operate Network Intrusion Detection/Prevention Systems (NIDPS) such as Cisco Firepower and Palo Alto NGFW, and host-based systems such as Trellix ePO, Microsoft Defender, and Tanium.
  • Manage Security Information and Event Management (SIEM) systems such as Splunk and Elastic.
  • Write detailed reports, create "best practices" manuals, and develop standard operating procedures.
  • Document incident response activities and findings.
  • Conduct penetration testing and Red Team exercises using tools such as Kali Linux, SamuraiWTF, Nmap, Burp Suite, sqlmap, and Metasploit.
  • Develop scripts and tools using languages such as Python, Perl, Ruby, JavaScript, PowerShell, and others as needed for incident response and automation.
  • Work closely with other cybersecurity teams, IT staff, and stakeholders to ensure a cohesive defense strategy.
  • Provide briefings and presentations as required.
  • Stay updated on the latest cybersecurity threats, trends, and technologies.
  • Implement improvements to existing security posture and incident response processes.

Benefits

  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits, and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.