Vacancy expired!
REQ#: RQ71950
Travel Required: Less than 10%
Requisition Type: Regular

Primary Responsibilities

The Incident Response Analyst (CSSP Incident Responder) validates suspicious events or reports and determines whether the event constitutes an incident, identifies the scope of the attacks, isolates the responsible agents, and implements detection capabilities and countermeasures. Perform network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents. Explore patterns in network and system activity via log correlation using security tools. Manage and perform forensics and report analysis per identified reporting procedures. Configure, manage, and utilize a variety of CND tools.

Must have strong knowledge in identifying attack patterns concerning Advanced Persistent Threats (APTs) and their Tactics, Techniques and Procedures (TTPs) to develop Indicators of Compromise (IOCs) that can be applied to current and future investigations. Computer Network Defense Incident Responders must possess a thorough understanding of the Six Steps of Incident Response, the MITRE ATT&CK framework and the Cyber Kill Chain model, and of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols.

Computer Network Defense Incident Responders need strong oral and written communication, analytical, and problem-solving skills, as well as excellent judgment and self-motivation. This position requires the ability to multitask and work well under pressure. It is important that Computer Network Defense Incident Responders keep abreast of industry security trends and developments, as well as applicable Government regulations.

Required Certifications:
- 8570 Compliance (CSSP Incident Responder): https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
- CCNA or MCSA
- CYSA+, GCIA, IH or CISSP
- Q-Radar
- CISCO SOURCEFIRE (IDS)
- CISCO ASA Firewalls
- Tipping Point (IPS)
- Joint Regional Security Stack (JRSS)
- ArcSight
- Blue Coat Web Proxy
- Windows Event Logs
- PowerShell
- PCAP analysis