Senior Incident Handling Specialist
The Joint Service Provider (JSP) Defense Cyber Operations Internal Defense Measures (DCO IDM) program is searching for a Senior Incident Handler to join their team in Arlington, VA.
The Joint Service Provider (JSP) program provides a full range of cybersecurity products, services, solutions and customer support to the Office of the Secretary of Defense (OSD), the Chairman of the Joint Chiefs of Staff (CJCS), the Joint Staff (JS), the Director of Administration (DA), the Pentagon Force Protection Agency (PFPA), the Washington Headquarters Services (WHS) and other various OSD offices.
Senior Incident Handlers will demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in a large organization. In addition, they will contribute to a team of cybersecurity professionals working with a variety of security hardware and software. Incident Handlers will assist in writing reports, briefing event details to senior leadership, and coordinating remediation within large, complex networks.
The Incident Handling Branch provides incident analysis, forensics, reverse engineering, and fusion reporting to give JSP leadership, customers, and appropriate agencies situational awareness of current and emerging threats, as well as indications and warnings (I&W). The Incident Handling Branch's response services include reporting, analyzing, coordinating, and responding to any event or computer security incident. Incident response includes the coordinated development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or Counterintelligence (CI) or Law Enforcement (LE) investigations.
The work location is at the Pentagon and surrounding facilities and is in support of Pentagon networks.
As a Senior Incident Handler you will:
- Respond to threats of varying sophistication targeting Pentagon Networks and resources
- Perform Digital Forensics & Incident Response (DFIR) investigations using commercial, open source, and custom tools
- Perform Netflow and PCAP analysis of network traffic
- Report and present on threats targeting Pentagon networks
- Validate findings from third party assessments of Pentagon Networks
- Assist with evaluating existing defensive capabilities and recommend adjustments and improvements
- Provide feedback and expert opinion on new and existing toolsets (EDR, etc.)
- Interact with other SOC/CSSP/Intelligence organizations in the community through regular meetups
- BS degree in a technical field (4+ years of experience in Incident Response in lieu of a degree)
- Active Top Secret clearance with SCI Eligibility
- Must have a current DoD 8570 IAT Level III certification - CISSP or CASP
- Must have a current DoD 8570 CSSP Incident Responder certification - CEH, CFR, CCNA Cyber Ops, CySA+, GCFA, GCIH, SCYBER, or CHFI
- 8+ years of Incident and Malware analysis experience within DoD or IC environment
- Ability to interpret and write network and host based signatures (Yara, Snort, SIGMA, etc)
- Demonstrate knowledge of the Cyber Kill Chain and the MITRE ATT&CK framework
- Demonstrate working knowledge of common networking protocols (HTTP, TLS, DNS, SMTP, FTP, SSH, SNMP, etc.) and analysis techniques
- Demonstrate working knowledge of common threat actor Tactics, Techniques, and Procedures (TTPs)
- Demonstrate working knowledge of Windows and Linux Internals
- Demonstrate working knowledge of Active Directory Security fundamentals
- Demonstrate working knowledge of network security fundamentals
- Demonstrate awareness of common threat actor TTPs and defensive mechanisms to include.
- In-depth knowledge of CJCSM 6510.01B and experience in DoD/IC/Federal Government Defensive Cyber Operations
- Experience with automation and programming (PowerShell, Python, Go, etc.)
- One of the following certifications or an equivalent certification: CFCE, GCFE, GCFA, GCTI, GNFA, GREM, GPEN, GDAT, OSCP
- Experience with various cloud solutions (Office 365, AWS, Azure, Salesforce)
- Excellent verbal and written communication skills
- Basic skills to prepare documents and reports using Microsoft Office products (e.g., Word, Excel, PowerPoint)
Job Status: Contract/Temporary