GDIT seeks a Security Operations Center (SOC) – Lead Incident Responder.
Education and Experience:
- 7-10 years of technical cybersecurity experience in Incident Response, Security Operations, Threat Intelligence, etc.
- Three (3) years of team lead experience leading a SOC team.
- Bachelor’s degree or equivalent experience in Computer Engineering, Computer Science, or Information Systems.
- Scripting (Perl, Python, PowerShell, bash), RegEx and PCRE experience.
- Experience analyzing malware, identifying Indicators of Compromise (IOC) and Tactics, Techniques and Procedures (TTPs) of various threat actors through the analysis of email, malware, endpoints, network infrastructure, etc.
- Experience with malware analysis concepts and methods.
- Experience with processes in functional areas (i.e., trouble management, fault management, and incident management).
- Advanced knowledge of malware trends and behavior and the ability to work with other teams to perform eradication procedures.
- Expert knowledge of malware families and network attack vectors.
- Expert knowledge about exploits, vulnerabilities, network attacks.
- Able to convey complicated technical analysis to senior management using investigation synopses, graphical depictions of attacks, and comprehensive presentations.
- Knowledge of Content Delivery Network (CDN) security best practices.
- Strong knowledge of web applications and APIs.
- Strong knowledge of cloud architecture.
- Working knowledge of Windows, UNIX or Linux based applications.
- Strong understanding of latest security principles and protocols.
- Must have knowledge of LAN/WAN/MAN network environments.
- Understanding of and strict adherence to digital chain of custody forms and processes.
- Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Familiarity or experience with Intelligence Driven Defense, Cyber Kill Chain methodology, and/or the MITRE ATT&CK framework.
- Strong understanding of web-related vulnerabilities and remediation requirements.
- Excellent verbal and written communication skills.
- Excellent organizational and analytical skills.
- Ability to express thoughts clearly.
- Ability to collaborate in a team environment.
- Attention to detail.
- Must be able to work on round-the-clock shifts, rotating or fixed.
Certifications: Possess one cybersecurity and network-related certification, such as: GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Security+, Cisco Certified Network Associate/Professional (CCNA/CCNP).
The Lead Incident Responder provides advanced technical support to forensics and incident response teams during the initial response to any cyber threats against the AO’s enterprise. The Lead Incident Responder will work as part of a team that participates in any investigations into potential and actual cyber events observed in the enterprise and serve in a leadership capacity (both executing and providing guidance for) to conduct analysis and evaluate findings to enhance the security posture of the enterprise. The Lead Incident Responder will assist in providing guidance to junior analysts in a technical and developmental capacity.
- Provide technical guidance and support to the Intrusion Detection Team Shift Lead.
- Support peers and senior personnel with documentation, metrics and security program initiatives in both a force multiplier and leadership role.
- Identify deficiencies in security posture and develop, administer and participate in action plans to address these gaps.
- Capture network traffic (PCAP) using on-premise tools, interpret packet header information, and trace host and user network behavior.
- Analyze message headers and identify actionable indicators for remediation.
- Analyze logs from SIEMs and other sources and identify unauthorized activity.
- Perform traffic analysis and port scans during an incident investigation.
- Use security tools including IDS, IPS, firewalls, proxies, Web Application Firewall (WAF), etc., to triage events that may lead to incidents.
- Collaborate with forensic analysts and other analysts, law enforcement officers, and legal experts to recommend methods and procedures for recovery, preservation, and presentation of computer evidence.
- Demonstrate hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, full packet capture), and other event/incident artifacts using Splunk in support of incident investigations.
- Act as first responder to investigate escalated security events.
- For all incidents, act as the incident commander and/or lead investigator.
- Act as the resident expert on tactics, techniques and procedures utilized by threat actors to target enterprises.
- Continuously revise and develop incident response processes to strengthen the AO's ability to effectively respond to cyber threats.
- Create and maintain standardized communication templates and response procedures.
- Continuously optimize the processes to respond and investigate detected attacks.
- Develop and participate in tabletop exercises.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.