- Perform incident handling responsibilities with direct interface to customers and management team
- Perform analysis on anomalous behavior based on log data from firewalls, packet capture, web proxy services, network flow analysis, intrusion detection, and malware analysis tools
- Instill and reinforce industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations
- Promote and drive implementation of automation and process efficiencies
- Recommend implementation and improvement of new tools, capabilities, frameworks, and methodologies
- Provide guidance and mentorship to improve analyst skill sets and ensure delivery of high quality analysis and work products
- Establish trust and business relationships with customer and other relevant stakeholders Basic Qualifications
- Prior experience working as a SOC analyst
- 5+ years of intrusion detection and/or incident handling experience
- Working knowledge of SIEM solutions and incident management solutions
- In–depth knowledge of each phase of the Incident Response life cycle
- Expertise of Operating Systems (Windows/Linux) operations and artifacts
- Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)
- Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
- Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program Must Have One of the Following J3 Certifications
- Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
- Hands–on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization including prior experience performing large–scale incident response.
- Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
- Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
- Familiarity with Cloud concepts and experience performing monitoring and responding to threats in Cloud environments
Incident Response Analyst with Security Clearance - Arlington, United States - Base One Technologies
Description
Required Education/ExperienceBS degree in Science, Technology, Engineering, Math or related field and 8+ years of prior relevant experience with a focus on cybersecurity OR Masters with 4–6 years of prior relevant experience.
Primary ResponsibilitiesOur govt client has an immediate need for an experienced Incident Response Analyst for a new customer on a highly–visible and strategic Cybersecurity Task Order.
The Incident Response Analyst will need to be a self–starter with excellent analytical and problem–solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer.
BS degree in Science, Technology, Engineering, Math or related field and 8+ years of prior relevant experience with a focus on cybersecurity OR Masters with 4–6 years of prior relevant experience.
SANS GIAC:
GCIA, GMON, GCDA GPEN, GEVA, GWAPT, GSNA, GISF, GAWN, GXPN, GWEB
Offensive Security:
OSCP, OSCE, OSWP, OSEE ISC2: CISSP EC Council: CEH Preferred Qualifications