ECS is seeking a Computer Network Defense & Incident Response Analyst
to work in our Pearl City, HI
office. Job Description:
The candidate will identify, isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of sources and locations. The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to satisfy the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B reporting requirements.
- Authorized to view alerts for IDS/IPS
- Authorized to view Audit Records on Central Log Server
- Overtime may be required as needed to support incident response actions (Surge)
- Up to 15% Travel may be required
Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CSSP Services Director and/or assigned manager. Required Skills:
- Bachelor OR Graduate degree from accredited university/technical college in Cybersecurity, Computer Science, Information Systems, or other related scientific or technical discipline
- Must have a Secret Clearance
- 2+ years' experience in Cybersecurity Service Provider (CSSP) environment or similar
- DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
- Knowledge of Incident Response Procedures
- Knowledge of Packet Analysis
- Knowledge of IDS/IPS solutions
- Familiarity with various Host-Based Tools
- Experience with Log Aggregation Tools
- Logical thinking and analytical ability
- Verbal and written communication ability
- Maintains familiarity with CJCSM 6510.01B.
- Compiles and maintains internal standard operating procedure (SOP) documentation.
- Ensures associated documentation and capabilities remain compliant with CJCSM 6510.01B and other applicable policy directives.
- Provides network intrusion detection and monitoring, correlation analysis, incident response and support for the Cybersecurity Service Provider (CSSP) and its subscriber sites.
- Validates suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.
- Coordinates with JFHQ-DoDIN and supported entities regarding significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is completed.
- Provides 24x7 support for the CSSP's Incident Response capability during non-core business hours consistent with CSSP requirements as needed.
- Performs network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents.
- Possesses working knowledge of full packet capture PCAP analysis and accompanying tools (Wireshark, etc.).
- Explores patterns in network and system activity via log correlation using Splunk and supplemental tools
- Possesses understanding of IDS/IPS solutions to include signature development and implementation
- Participates in program reviews, product evaluations, and onsite certification evaluations.
- Knowledge of CJCSM 6510.01B
- Experience with Digital Forensics
- The ability to solve problems independently
- Familiarity with IIS and Apache Tomcat
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.