Incident Manager

Our Arlington VA based client is looking for Incident Managers. If you are qualified for this position, please email your updated resume in word format to lli@base-one.com

Incident Manager

Responsibilities:

• Correlating incident data to identify specific trends in reported incidents
• Recommending defense in depth principles and practices (i.e. Defense in Multiple Places, layered defenses, security robustness, etc.)
• Performing Computer Network Defense incident triage to include determining scope, urgency, and potential impact
• Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents
• Applying knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats –
• Applying cybersecurity concepts to the detection and defense of intrusions into small, and large-scale IT networks
• Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat conditions
• Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident,
• Receiving and analyzing network alerts from various sources within the enterprise and determine possible causes
• Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution
• Providing support during assigned shift (Weekdays 0600-1430, 1400-2230, 2200-0630, Weekends 0600-1830, 1800-0630)

Required Skills:

• S. Citizenship
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability
• 5+ years of directly relevant experience in cyber incident management or cybersecurity operations
• Knowledge of incident response and handling methodologies
• Having close familiarity with NIST 800-62 (latest revision), and FISMA standards as they pertain to reporting incidents.
• Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incident
• Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.) - Skill in recognizing and categorizing types of vulnerabilities and associated attacks
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)

Desired Skills:

• Knowledge of basic system administration and operating system hardening techniques - Knowledge of Computer Network Defense policies, procedures, and regulations –
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)

Required Education:

BS Incident Management, Operations Management, Cybersecurity or related degree. Two years of related work experience may be substituted for each year of degree level education.