As an Incident Response Specialist, you will coordinate and provide expert technical support to defense technicians of assigned systems to resolve cyber defense incidents.
Essential Functions and Responsibilities:
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on assigned systems.
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
• Participate in incident response functions.
• Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific incident events; and making recommendations that enable expeditious remediation.
• Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on assigned systems.
• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident Response Teams (IRTs).
• Receive and analyze network alerts from various sources within assigned systems, and determine possible causes of such alerts.
• Track and document cyber defense incidents from initial detection through final resolution.
• Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, and security robustness).
• Collect intrusion artifacts (e.g., source code, malware, residual evidence) and use discovered data to enable mitigation of potential cyber defense incidents within assigned systems.
• Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
• Coordinate with intelligence analysts to correlate threat assessment data.
• Perform cyber defense trend analysis and reporting.
• Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
• Examine recovered data for information of relevance to the issue at hand.
• Write and publish after action reviews.
Required Education, Skills, and Experience:
• Bachelor's degree in Computer Science, Cyber Security, Computer Engineering or a related technical field OR CERT-Certified Computer Security Incident Handler (CSIH) OR GIAC Certified Incident Handler (GCIH) certification
• 2 to 5 Years of experience in Incidence Response Handling
• CEH, GNFA, GCDA, CHFI, CySA+ or GRID certification
• Must work well in teams and independently to solve complex technical problems.
• Windows and Linux administration
• Knowledge of information security principles
Physical Demands and Expectations:
• Regular physical activity to include walking, climbing stairs, bending, stooping, reaching, lifting (up to 30 pounds), and standing; occasional prolonged sitting
• Ability to speak, read, hear and write, with or without assistance
• Ability to use phone and computer systems, copier, fax and other office equipment
Required: Must be a US citizen with the ability to maintain a DoD Secret security clearance.
EHS Technologies Corporation is an Affirmative Action/Equal Opportunity Employer.