Cyber Security Incident Handler - Associate

About The Position

Requirements

• Experience: 0-2 years of experience in IT, cybersecurity, or a related technical role. Internships or academic projects in cybersecurity are highly valued.
• An associate’s degree in cyber security or related field can replace the experience requirements.
• Core Knowledge: Foundational understanding of cybersecurity principles (e.g., CIA Triad), common network protocols (TCP/IP), and operating systems (Windows/Linux).
• Tool Experience: Familiarity with the purpose of security tools such as SIEM and Endpoint Detection and Response (EDR) platforms.
• Skills: Strong eagerness to learn, detail-oriented, with developing analytical and problem-solving abilities.
• Communication: Good written and verbal communication skills, with the ability to clearly document actions and escalate issues.
• Environment: Ability to work effectively in a structured, 24x7 shift-based operational environment and follow defined procedures meticulously.
• Must be able to obtain and maintain a Secret security clearance.
• Candidates must possess one of the following certifications prior to start date: · CompTia Security+, Certified Ethical Hacker (CEH), CYSA+

Nice To Haves

• Military/DoD Experience: Familiarity with U.S. military policies, procedures, and organizational structures.
• Cyber Security Controls: Foundational understanding of cybersecurity controls and the importance of adhering to security policies in a professional environment.
• Network Analysis: Basic experience reviewing network activity logs and an understanding of common network protocols (e.g., DNS, HTTP, SMB).
• Endpoint Security: Familiarity with reviewing security events from standard endpoint platforms (e.g., antivirus, host firewalls).
• Tool Familiarity: Exposure to or academic experience with some of the following tools: · A SIEM platform (e.g., Splunk, Kibana, Sentinel) · MDE EDR platform and or KQL · ServiceNow or another ticketing system · Linux Command Line

Responsibilities

• Alert Monitoring and Triage: Continuously monitor the security alert queue from SIEM, EDR, and other security tools, performing initial analysis to classify and prioritize events according to established procedures.
• Initial Response and Escalation: Execute initial response steps based on documented playbooks for common security events. Accurately escalate qualified incidents to intermediate and senior handlers when necessary.
• Incident Documentation: Meticulously document all analysis and actions taken in the incident management system, ensuring a clear and concise record of the initial response effort.
• Following Defined Procedures: Adhere strictly to standard operating procedures (SOPs) for incident handling, containment, and reporting.
• Team Collaboration: Assist senior team members in their investigation of more complex incidents by gathering data, running pre-defined queries, and performing assigned tasks.