About The Position

CACI is seeking a skilled and experienced Incident Responder (Level 3) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will have a robust background in Computer Network Defense (CND), incident management, and cybersecurity operations. This role requires a proactive individual with significant experience in monitoring, investigating, and responding to cybersecurity alerts, as well as developing and implementing defense tactics, techniques, and procedures (TTPs).

Requirements

  • TS/SCI Security Clearance
  • BA/BS in Computer Science, Information Technology, Information Assurance, or a related field. Master’s degree preferred. Alternatively, 15+ years of relevant professional experience in lieu of a degree.
  • Minimum of 10 years of concentrated experience in CND.
  • 5+ years of professional experience in monitoring and investigating cybersecurity alerts.
  • Significant experience with Federal, DoD, IC, and industry standards.
  • Strong interpersonal, organizational, time management, writing/documentation, and briefing skills.
  • Excellent analytical, conceptual, and problem-solving skills.
  • Proven ability to communicate effectively and develop/present presentations.
  • Experience in developing and implementing CND TTPs.
  • Knowledge of network security architecture, including topology, protocols, and components.
  • Familiarity with common adversary TTPs and enterprise services (domain controllers, print, email, DNS, web servers).
  • Experience with network traffic analysis tools such as Wireshark or NIKSUN.
  • Proficiency in scripting and programming languages (Python, Perl, Ruby, JavaScript, PowerShell, C, C++, Java, Visual Basic .NET, PHP, AJAX).
  • Must hold one of the certifications approved for the CSSP Incident Responder category under DoD 8570.01-M (Information Assurance Workforce Improvement Program).

Responsibilities

  • Incident Response: Monitor and investigate alerts from cybersecurity tools. Respond to and mitigate cybersecurity incidents and breaches following established incident management lifecycle processes.
  • Threat Analysis: Identify and classify attack vectors, analyze malware, and develop countermeasures. Use network packet captures and traffic analysis methodologies to support investigations.
  • Tool Utilization: Operate Network Intrusion Detection/Prevention Systems (NIDPS) such as Cisco Firepower and Palo Alto NGFW, and host-based platforms such as Trellix ePO, Microsoft Defender, and Tanium. Manage Security Information and Event Management (SIEM) systems such as Splunk and Elastic.
  • Documentation and Reporting: Write detailed reports, create "best practices" manuals, and develop standard operating procedures. Document incident response activities and findings.
  • Penetration Testing: Conduct penetration testing and Red Team exercises using tools such as Kali Linux, SamuraiWTF, Nmap, Burp Suite, sqlmap, and Metasploit.
  • Scripting and Coding: Develop scripts and tools using languages such as Python, Perl, Ruby, JavaScript, PowerShell, and others as needed for incident response and automation.
  • Collaboration: Work closely with other cybersecurity teams, IT staff, and stakeholders to ensure a cohesive defense strategy. Provide briefings and presentations as required.
  • Continuous Improvement: Stay updated on the latest cybersecurity threats, trends, and technologies. Implement improvements to existing security posture and incident response processes.

Benefits

  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
  • We offer competitive compensation, benefits, and learning and development opportunities.
  • Our broad, competitive mix of benefits options is designed to support and protect employees and their families.
  • At CACI, you will receive comprehensive benefits, including healthcare, wellness, financial, retirement, family support, continuing education, and time-off benefits.
© 2024 Teal Labs, Inc