
Incident Response Expert III

DigiFlight, Columbia, MD, United States


Responsibilities:

- Serves as hunt and incident response subject matter expert (SME), applying in-depth knowledge of threat actor (TA) tools, techniques, and procedures (TTPs)

- Distills analytic findings into executive summaries and in-depth technical report

- Provides expert support, analysis, and research, with only broad direction, into exceptionally complex problems and processes relating to hunt and incident response activities

- Serves as technical expert on high-level incident response teams providing technical direction, interpretation, and alternatives

- Exercises considerable latitude in determining technical objectives of an assignment or task at hand

- Independently develops technical solutions to complex problems that require the regular use of ingenuity and creativity

- Analyzes incident data and victim environments to recommend targeted mitigations

- Advises technical personnel on countermeasure implementation and customization

- Supports internal stakeholders on containment and eradication missions

- Documents analysis in a standardized knowledgebase for sharing and publication

- Assists in maintaining branch process and procedure documentation

- Guides hunt and incident response activities through to completion

Required Skills:

- U.S. Citizenship

- Must have an active TS/SCI clearance

- Must be able to obtain DHS Suitability

- 5+ years of directly relevant experience in expertise

- Must be able to travel domestically on short notice

- Strong understanding of network architecture/security

- Experience performing cyber incident response

- Ability to think independently

- Demonstrates superior written and oral communication skills

- Must be able to work collaboratively across physical locations

- Skilled in identifying different classes of attacks and attack stages

- Understanding of system and application security threats and vulnerabilities

- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources

- Proficiency with common operating systems (e.g. Linux/Unix, Windows)

Desired Skills:

- Experience leading and mentoring technical teams

- Knowledge of Computer Network Defense policies, procedures and regulations

- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])

- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)

- Network and System administration experience

- Strong understanding of adversarial tactics/techniques/procedures (TTPs)

- Experience with Identity and Access Management (IAM) tools

- Ability to review and analyze Enterprise Architecture (EA) from a security perspective

- Understanding of cyber defense-in-depth principles

- Hands-on skill in host/network intrusion detection

- Ability to perform event correlation

- Experience with malicious activity analysis

- Ability to collaborate with stakeholders at multiple levels within an organization

Required Education:

BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 7+ years of technical experience in expertise.

Desired Certifications: One or more of the following

- DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst

- DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder

- DoD 8140.01 CEH, CSSP Analyst

- SANS GIAC GNFA preferred

- SANS GRID, GICSP, or GCIP a plus