- Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident.
- Communicate and coordinate with internal and external teams during incidents and breaches.
- Design, implement, and document IR processes, procedures, playbooks, and guidelines.
- Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
- Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
- Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident.
- Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.
- EDR/IDS/IPS
- NDR/Network
- Identity Provider (IdP) authentication policies
- Email defense platforms
- Integration of threat intelligence feeds with security policy enforcement points
- SIEM and XDR detections
- Security orchestration, automation, and response (SOAR) playbook development
- Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threat.
- Document specifications, playbooks, and detections - not as an afterthought, but through the whole process.
- Work with developers to build security automation workflows, enrichments, and mitigations.
- Evaluate policies and procedures and recommend updates to management as appropriate.
- Bachelor's degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
- Four or more years in an incident response role required.
- Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling preferred.
- Programming and scripting languages, preferably Python and PowerShell.
- Scripting and automation for use in SOAR is a plus.
- Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
- Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing.
- Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks.
- Continually updated understanding of and ability to identify, capture, contain, and report malware.
- Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards.
- Motivation to continually improve the incident response program and associated policies and procedures.
- Identification of opportunities to improve collaboration and communication with internal and external stakeholders to mitigate incidents and follow protocols.
- On-Call nights and weekends based on response SLA requirements.
- Curiosity and tenacity as related to forensic investigations and threat hunting.
- Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required.
- Willingness and experience in supporting people from a variety of backgrounds and areas across the organization.
- Common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.)
- Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10
- SANS Security 500 Series or other industry standard equivalent recommended but not required.
- Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent
- Public Trust
- Must be a U.S. Citizen
- This is a remote/work from home role
-
Incident Response Analyst
1 week ago
OneZero Solutions Washington, United StatesWe are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically c ...
-
Incident Response Analyst
3 weeks ago
Computer World Services (CWS)Corporation Washington DC, United States· Job Description · The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data report ...
-
Incident Response Analyst
1 week ago
OneZero Solutions Washington, United StatesJob Description · Job DescriptionWe are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technic ...
-
Cyber Incident Response Analyst
2 weeks ago
RedTrace Technologies Inc Washington, United StatesJob Description · Job DescriptionSECURITY CLEARANCE REQUIREMENT: TS, WITH SCI ELIGIBILITY · ***POSITION REQUIRES US CITIZENSHIP*** · Company Overview: As a Cybersecurity, Information Technology, and Management Consulting firm focused on assisting our commercial and U.S. Intellige ...
-
Cyber Incident Response Analyst
1 week ago
cFocus Software Incorporated Washington, United StatesJob Description · Job DescriptioncFocus Software seeks a Cyber Incident Response Analyst (Senior) to join our program supporting United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship and the ability to obtain a Publi ...
-
Cyber Incident Response Analyst
1 week ago
cFocus Software Incorporated Washington, United StatesJob Description · Job DescriptioncFocus Software seeks a Cyber Incident Response Analyst (Mid-Level) to join our program supporting to join our program supporting United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship ...
-
Digital Forensic Incident Response Analyst
3 weeks ago
Booz Allen Hamilton Washington, United States Full timeJob Number: R0186940 · Digital Forensic Incident Response AnalystKey Role: · Collect, analyze, and present digital evidence in support of computer investigations. Apply basic principles, theories, and concepts and limited industry knowledge. Solve routine problems of limited scop ...
-
Cyber Incident Response Analyst
3 weeks ago
Peraton Arlington, United States Full timeResponsibilities · Peraton is currently hiring a Cyber Incident Response Analyst for its' Federal Strategic Cyber sector. · Location: On-site, Arlington, VA · In this role, you will have the following duties:Identify, log, categorize, perform initial triage, assign to other team ...
-
Incident Response Analyst
3 weeks ago
MindPoint Group Washington, United StatesMindPoint Group is seeking a Security Operations Center (SOC) Analyst that will collaborate with members of the SOC team to improve procedures for the SOC to enhance coordination and incident response operations. You must be willing to work in a 24x7x365 SOC environment demonstra ...
-
Incident Response Analyst
2 weeks ago
Computer World Services (CWS)Corporation Washington, United States OTHER· Job Description · The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported ...
-
Incident Response Analyst
2 weeks ago
Computer World Services (CWS)Corporation Washington, United States OTHER· Job Description · The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported ...
-
Incident Response Analyst
2 weeks ago
Computer World Services (CWS)Corporation Washington, United States OTHER· Job Description · The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported ...
-
Incident Response Analyst
3 weeks ago
MindPoint Group Washington, United StatesMindPoint Group is seeking a Tier 2 Incident Response Analyst to support threat monitoring, detection, event analysis, and incident reporting. The Security Operations Center is a 24/7 environment. You will be responsible for monitoring enterprise networks and systems, detecting e ...
-
Incident Response Analyst
2 weeks ago
Sikich LLP Washington, United States**Description**: · **Incident Response Analyst (II)** · **What to expect when you join the Sikich family** · Team members at Sikich have a lot in common while also being part of a rich and diverse group of contributors, creating a distinct and thriving culture. Chief among our co ...
-
Incident Response Analyst
2 weeks ago
Gridiron IT Washington, United States**Role Description**: · - Support the development of staff schedules and staffing forecasts for approval · - Ensure shift members follow the appropriate incident escalation and reporting procedures · - Ingest, triage, prioritize, assign, track, document, and manage incidents and ...
-
Detection and Response Analyst
3 weeks ago
Rapid7 Arlington, United States Full timeDetection & Response Analyst · We are looking for people with a passion for investigation and forensic analysis to join our MDR SOC team at Rapid7. As a Detection & Response Analyst, you will utilize Rapid7's advanced tools to investigate and triage security events and work side- ...
-
Incident Response Analyst
3 weeks ago
XOR Security Arlington, United StatesJob Title: Incident Response Analyst · Location: 1110 N. Glebe Rd. Arlington, Virginia 22201 · Clearance Level: Top Secret · SUMMARY: · XOR Security, An Agile Defense Company is currently seeking an Incident Response Analyst with advanced skillsets in Digital Forensic & Incid ...
-
Tier 2 Cyber Incident Response Analyst
3 weeks ago
Critical Solutions Washington, United StatesJob Description · Job DescriptionTier 2 Cyber Incident Response Analyst - Shift 1 (M-F 6AM - 2:30PM ET) - (w/ active TS)Washington, DC · Full-time · Clearance Required: Top Secret w/ SCI eligibility · Shift 1: Monday - Friday 6am - 2:30pm EST · JOB DESCRIPTION · Critical Solution ...
-
Incident Response Analyst
1 week ago
Super Systems Inc Arlington, United StatesHybrid · - 2x a week onsite (Tuesday and Thursdays) Sometimes there may not be an onsite need. · **Role Description**: · - Support the development of staff schedules and staffing forecasts for approval · - Ensure shift members follow the appropriate incident escalation and report ...
-
Incident Response Analyst with OT/ICS/SCADA
2 weeks ago
Peraton Arlington, United States Full timeResponsibilities · Peraton is currently seeking an experienced Incident Response Analyst with OT/ICS/SCADA experience for its' Federal Strategic Cyber program in Arlington, VA. · Location: On-site role in Arlington, VA. Ideal candidate needs to be amenable to travel, approximate ...
Incident Response Analyst - Washington, United States - Computer World Services (CWS)Corporation
Description
Job Description
The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types of formats of data authorized to be collected by such member agencies.
The Incident Response Analyst is an on-call role providing day-to-day incident response across the OFRAE and JADE networks. This includes investigating alerts from the SOC, third party notifications, and other security tools; working with Enterprise System owners to remediate immediate threats and incidents; knowledge capture and investigation tracking documentation to maintain knowledge on the team; monitor and notify of security tool outages and issues; participate in process enhancements through after-action reports, tabletop exercises, and peer consulting as needed.
The role will advise and build automations and complex playbooks to further grow the response capability of the team. This is a highly technical role that requires a solid understanding of incident response and security practices. As part of a growing team this role will have the ability to leverage and work with new capabilities as they are deployed including deception infrastructure, continuous penetration testing, data loss prevention (DLP), and machine learning capabilities. The analyst should have experience in ticketing workflow, EDR and endpoint data investigations, network pcap and netflow investigation, and other security tool alerting workflow and pivoting. This role is expected to contribute to maturing the overall IR and security capability through experience and recommendations at every level of security.
A successful candidate should also have an area of expertise in at least one blue team capability be it CTI, forensics, malware, etc.
Key Tasks and Responsibilities
Education & Experience
Certifications
Security Clearance
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.###.#### or
Incident Response Analyst professionals in Washington, D.C.
-
Gil Huerta
Cybersecurity Analyst ( Active TS/SCI )
-
David B. Grinberg
strategic communications consultant