Mid. Cyber Defense Incident Responder

World Wide Technology Healthcare Solutions | San Antonio, TX
Posted 12h ago | $110,000 - $130,000 | Onsite

About The Position

WWT is seeking a Mid Cyber Defense Incident Responder to support the 33rd Cyber Operations Squadron (33 COS) by providing incident response for alerts from systems newly aligned to the Air Force Cybersecurity Service Provider (CSSP).

LOCATION: San Antonio, TX (fully on-site at Lackland AFB)

Requirements

  • 4+ years of experience conducting incident handling/response, cyber threat hunting, computer forensics, and cyber network defense and analysis
  • Bachelor's degree or higher in Cybersecurity, Computer Science, or a related field
  • DoD 8140 IAT Level II certification
  • GIAC Certified Forensic Analyst (GCFA)
  • Security clearance: Top Secret/SCI, with potential for higher read-ins
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cybersecurity principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
  • Ability to interpret and incorporate data from multiple tool sources.
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
  • Knowledge of Palo Alto Cortex XSOAR playbook development.
  • Linux incident response and forensics background.
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of network traffic analysis methods.
  • Skilled in deep packet inspection (DPI), anomaly detection, and traffic pattern analysis using tools such as Zeek, Wireshark, NetFlow, and PCAP replay environments.
  • This is a full-time direct-hire position; you must currently hold an active TS/SCI security clearance or higher.
  • We are not able to offer visa sponsorship, 1099 status, or work with C2C for this role.

Responsibilities

  • Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on systems and information.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Identify and analyze anomalies in network traffic using metadata.
  • Identify applications and operating systems of a network device based on network traffic.
  • Perform cyber defense trend analysis and reporting.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • All other duties as defined by the CSSP.

Benefits

  • Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
  • Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
  • Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
  • Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program