31 Jan
7007- Incident Response Lead
Seaside, California 93955, USA

Job Posting Title: Incident Response Lead

Worksite Location: Seaside, CA

Clearance: Top Secret

Alliant Information Technologies, Inc., a subsidiary of IndraSoft, Inc., is seeking a highly qualified Incident Response Lead candidate with a Top Secret clearance to support our DoD client, located in Seaside, CA. The selected candidate will be a highly motivated individual who works well as part of a multi-disciplinary team. The candidate will serve as the Incident Response Lead & Sr. Incident Responder.

Required Qualifications:
  • Must have an active Top Secret clearance and the ability to maintain the TS clearance
  • Bachelor's degree in computer science, information technology, network technology, network administration, cybersecurity, information security, or similar discipline AND 4+ years of incident response experience, plus 1 year of Lead or Manager Incident Response, preferably in support of the DoD or other federal clients
  • Minimum 4+ years as an incident responder/handler and 1 year leading an incident response team.
  • Active DoD 8570
  • CSSP Incident Responder certification for compliance, including at least one of the following certifications in good standing: CEH, CySA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SYCYBER
  • IAT Level II or III certification, including at least one of the following certifications in good standing: Security+, CySA+, CISSP, CASP+, CCNA Security, GISCP, GSEC, CND, SSCP, CGED, GCIH
  • Conducting Incident Responder activities for a DoD enterprise environment (1000 servers plus 1500 workstations)
  • Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST and CJCSM 6510 policy and procedures
  • Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
  • Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
  • Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
  • Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
  • Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response
  • Must have the ability to maintain an active Top Secret clearance

Desired Qualifications
  • Experience with ServiceNow or similar service management/ticketing systems
  • Ability to prioritize workload and competing demands
  • Database security management with experience detecting and preventing SQL injection and other threats, and preferred certifications such as the Oracle Database Security Expert
  • Experience utilizing DoD tools, including the ArcSight, Assured Compliance Assessment Solution (ACAS) vulnerability scanner, host-based security system (HBSS), and McAfee ePolicy Orchestrator (ePO)

Technologies Desired:
  • Experience applying troubleshooting techniques across various server, application, and network technologies including:
    • Operating systems Windows, RHEL and relevant DoD STIGs
    • Networking knowledge TCP/IP, inspection tools, and network devices
    • ArcSight, FireSight
    • DoD tools - vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
    • WireShark
    • EnCase

Job Description: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The key responsibilities listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Primary focus will be on the containment, restoration, investigation, and reporting of activities related to computer security incidents.

Key Responsibilities:
  • Serve as a Senior Incident Response technical/functional principal
  • Serve as the IndraSoft/AIT Line Manager providing managerial support, including but not limited to timesheet reviews, performance reviews, employee engagement and management presentations
  • Provide technical/functional guidance spanning all SOC tools used to investigate suspicious and potentially malicious activity within the network and systems
  • Incident Response
    • Support all aspects of Computer Security Incident Response activities for a large enterprise, including coordination with other government agencies and reporting of incidents
    • Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
    • Conduct highly technical examinations, analysis and reporting of computer based evidence related to security incidents (intrusion artifacts/IOCs) or investigations, leveraging all cybertools
    • Reconstruct events from network, endpoint, and log data
    • Support vulnerability and penetration testing
    • Ensure the secure handling of digital evidence and matter confidentiality.
    • Identify recurring incidents within a customer's environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues.
    • Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
    • Assist with implementation of countermeasures or mitigating controls as needed
    • Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
    • Recommend changes or improvements to the incident management system
  • Customer Engagement
    • Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
    • Communicate effectively and articulate the identified issues and resolution steps to bring the customer's incident to a resolved state
  • Audits
    • Participate in external and internal audits and assessments
    • Support external and internal Pen Testing teams
  • Documentation
    • Close incidents and prepare incident reports of analysis methodology and results.
    • Be responsible for quality control of incident reports.
    • Support workflow development in the ServiceNow Incident Response Module
    • Develop security policies and procedures
    • Develop and maintain Incident Response Plan and Testing
    • Track, measure and evaluate Incident Response compliance across the enterprise
    • Prepare and present weekly presentation status slides

Candidate may also provide general technical cybersecurity support in the areas of vulnerability assessment, risk assessment, network security, and security implementation. Additional general duties include implementation and support for protecting the confidentiality, integrity and availability of sensitive information; providing input into the design of IS contingency plans; and conducting testing and audit log reviews to evaluate the effectiveness of current security measures.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)