Job Details

3414- Incident Response Forensic and Intrusion Analyst

at Indrasoft

Posted: 8/12/2019
Job Status: Full Time
Job Reference #: b9f21a64-61c5-4018-a6ef-bdac6780563f
Keywords: response

Job Description

Job Posting Title:        Incident Response Forensic and Intrusion Analyst

Contract Title:             Computer Forensic and Intrusion Analyst

Location:                     Alexandria, VA (Mark Center) OR Seaside, CA

Job Number:               3414

Clearance:                   Top Secret

The company is willing to sponsor a qualified US citizen for a Top Secret clearance if the candidate already possesses an active Secret clearance.

Start Date:                  Immediate

Alliant Information Technologies, Inc., a subsidiary of IndraSoft, Inc., is seeking a highly qualified Incident Response Forensic and Intrusion Analyst Lead (Top Secret clearance preferred; an active Secret clearance with eligibility for Top Secret is acceptable, see Required Qualifications) to support our DoD client located in Alexandria, VA. The selected candidate will be a highly motivated individual who works well as part of a multi-disciplinary team, will provide Incident Response capabilities for both externally and internally reported incidents, and must have strong analytical and troubleshooting skills.

Required Qualifications:

  • Must have Active DoD Secret clearance or higher, and an ability to obtain and maintain a Top Secret clearance.
  • Bachelor’s degree and 3 years of related cyber analysis and incident response experience; 7 years of related experience plus certifications may be considered in lieu of a degree.
  • Must possess, or be willing to acquire within 90 days of hire with company support, the Security+ CE and CEH certifications.
  • Must be knowledgeable of DoD security policies and practices.
  • Excellent communication and analytical skills.
  • Experience with incident response processes (detection, triage, incident analysis, remediation and reporting).
  • Willing to work overtime, holidays, and weekends as necessary.

Desired Qualifications

  • Possess any of the following additional certifications: CFR, CCNA Cyber Ops, CySA+, GCFA, GCIH, SCYBER, CHFI (DoD 8570 baseline).
  • Experience in an enterprise environment (on the order of 1500 servers and 2500 workstations).
  • Knowledge of CJCSM 6510 (Cyber Incident Handling Program) policy and procedures.
  • Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis.
  • Experience with ServiceNow or similar service management/ticketing systems.
  • Ability to prioritize workload and competing demands.

Technologies Desired:

  • Experience applying troubleshooting techniques across various server, application, and network technologies, including:
    • Operating systems – Windows, RHEL, and the relevant DoD STIGs
    • Networking – TCP/IP, packet and traffic inspection tools, and network devices
    • ArcSight (SIEM) and Cisco FireSIGHT
    • DoD tools – vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
    • Wireshark
    • EnCase

Job Description:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The key responsibilities listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Primary focus will be on the containment, restoration, investigation, and reporting of activities related to computer security incidents.

Key Responsibilities:

  • Serve as the primary incident response analyst on-site at the customer site
  • Support all aspects of Computer Security Incident Response activities for a large enterprise
  • Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
  • Conduct highly technical examinations, analysis and reporting of computer based evidence related to security incidents (intrusion artifacts/IOCs) or investigations
  • Reconstruct events from network, endpoint, and log data
  • Support personnel to scope, contain, and eradicate cyber incidents
  • Support vulnerability and penetration testing
  • Ensure the secure handling of digital evidence and matter confidentiality
  • Identify recurring incidents within a customer’s environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues
  • Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
  • Assist with implementation of countermeasures or mitigating controls as needed
  • Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
  • Be responsible for quality control of incident reports
  • Close incidents and prepare incident reports of analysis methodology and results
  • Communicate effectively and articulate the identified issues and resolution steps to bring the customer’s incident to a resolved state
  • Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
  • Track, measure and evaluate Incident Response compliance across the enterprise

Candidate may also provide general technical cybersecurity support in the areas of vulnerability assessment, risk assessment, network security, and security implementation. Additional general duties include implementation and support for protecting the confidentiality, integrity and availability of sensitive information; providing input into the design of IS contingency plans; and conducting testing and audit log reviews to evaluate the effectiveness of current security measures.

Physical Demands: 

While performing duties of the job, the successful candidate will be exposed to normal demands of an office environment, including:

Sitting and working on a computer for long continuous periods each day; effective communication by telephone, email, and face-to-face; standing, walking, sitting, handling and feeling objects or controls, reaching, talking, and hearing; lifting and/or moving up to 25 pounds; and specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.