Cyber Defense Incident Responder - Mid

Overview

On Site
USD 95,000.00 - 108,000.00 per year
Full Time

Skills

Communication
System Administration
Operating Systems
Hardening
Leadership
Routing Protocols
TCP/IP
DNS
Dragon NaturallySpeaking
Software Security
Web Application Security
Technical Support
Firewall
IDS
Network Security
Trend Analysis
INSPECT
Real-time
Collections
Management
Intrusion Detection
Threat Analysis
Digital Forensics
Computer Networking
Penetration Testing
Information Assurance
Security Clearance
Reporting
IT Security
SAP ERP
Certified Ethical Hacker
GCIH
Information Security
Information System Security
CISSP
Standard Operating Procedure
Malware Analysis
SPAM
Cloud Computing
Incident Management
Network
Mapping
Caching
Web Applications
SAP BASIS
Law
FOCUS

Job Details

Job Description

ECS is seeking a Cyber Defense Incident Response - Mid to work in our Washington, DC office. Please Note: This position is contingent upon additional funding.

Job Requirements:
  • Strong written and verbal communication skills.
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Demonstrated ability to interact effectively with senior management and leadership.
  • Ability to design incident response for cloud service models.
  • Knowledge of incident categories, incident responses, and timelines for responses.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • Coordinate incident response functions.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
*5+ years of relevant work experience required*

Salary Range: $95,000 - $108,000

General Description of Benefits

Required Skills

  • Bachelor's degree or higher
  • 5+ years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
  • Must have, or be able to obtain within 3 months, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).
  • Active Secret clearance or eligible to obtain a Secret clearance


Desired Skills

  • Experience identifying, capturing, containing, and reporting malware.
  • Must have, or be able to obtain within 3 months, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).
  • Skill in preserving evidence integrity according to standard operating procedures or national standards.
  • Strong securing network communications experience.
  • Recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • Experience performing damage assessments.
  • Skill in using security event correlation tools and design incident response for cloud service models.
Desirable additional certifications are those that address incident handling (identification, overview and preparation) buffer overflow, client attacks, covering tacks (networks, systems), denial of service attaches, network attacks, password attacks, reconnaissance, scanning (discovery and mapping, techniques, and defense), session hijacking and cache poisoning, techniques for maintaining access, web applications attacks, worms, bots, and bot-nets

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.