Alliant Information Technologies, Inc., a subsidiary of IndraSoft, Inc., is seeking a highly qualified Incident Response Lead candidate with a Top Secret clearance to support our DoD client, located in Seaside, CA. The selected candidate will be a highly motivated individual who works well as part of a multi-disciplinary team. The candidate will serve as the Incident Response Lead & Sr. Incident Responder.
Required Qualifications:
Must have an active Top Secret clearance and the ability to maintain the TS clearance
Bachelor's degree in computer science, information technology, network technology, network administration, cybersecurity, information security, or a similar discipline AND 4+ years of incident response experience, plus 1 year of Lead or Manager Incident Response experience, preferably in support of the DoD or other federal clients
Minimum 4+ years as an incident responder/handler and 1 year leading an incident response team.
Active DoD 8570
CSSP Incident Responder certification for compliance, including at least one of the following certifications in good standing: CEH, CYSA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SYCYBER
IAT Level II or III certification, including at least one of the following certifications in good standing: Security+, CySA+, CISSP, CASP+, CCNA Security, GISCP, GSEC, CND, SSCP, CGED, GCIH
Experience conducting incident response activities for a DoD enterprise environment (1000+ servers plus 1500 workstations)
Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST and CJCSM 6510 policy and procedures
Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response
Must have the ability to maintain an active Top Secret clearance
Desired Qualifications
Experience with ServiceNow or similar service management/ticketing systems
Ability to prioritize workload and competing demands
Database security management with experience detecting and preventing SQL injection and other threats, and preferred certifications such as the Oracle Database Security Expert
Experience utilizing DoD tools, including the ArcSight, Assured Compliance Assessment Solution (ACAS) vulnerability scanner, host-based security system (HBSS), and McAfee ePolicy Orchestrator (ePO)
Technologies Desired:
Experience applying troubleshooting techniques across various server, application, and network technologies including:
Operating systems: Windows, RHEL, and relevant DoD STIGs
Networking: TCP/IP, inspection tools, and network devices
ArcSight, FireSight
DoD tools - vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
Wireshark
EnCase
Job Description:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The key responsibilities listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Primary focus will be on the containment, restoration, investigation, and reporting of activities related to computer security incidents.
Key Responsibilities:
Serve as a Senior Incident Response technical/functional principal
Serve as the IndraSoft/AIT Line Manager, providing managerial support including, but not limited to, timesheet reviews, performance reviews, employee engagement, and management presentations
Provide technical/functional guidance spanning all SOC tools used to investigate suspicious and potentially malicious activity within the network and systems
Incident Response
Support all aspects of Computer Security Incident Response activities for a large enterprise, including coordination with other government agencies and reporting of incidents
Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
Conduct highly technical examinations, analysis, and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations, leveraging all available cyber tools
Reconstruct events from network, endpoint, and log data
Support vulnerability and penetration testing
Ensure the secure handling of digital evidence and matter confidentiality.
Identify recurring incidents within a customer's environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues.
Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
Assist with implementation of countermeasures or mitigating controls as needed
Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
Recommend changes or improvements to the incident management system
Customer Engagement
Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
Communicate effectively and articulate the identified issues and resolution steps to bring the customer's incident to a resolved state
Audits
Participate in external and internal audits and assessments
Support external and internal Pen Testing teams
Documentation
Close incidents and prepare incident reports of analysis methodology and results.
Be responsible for quality control of incident reports.
Support workflow development in the ServiceNow Incident Response Module
Develop security policies and procedures
Develop and maintain Incident Response Plan and Testing
Track, measure and evaluate Incident Response compliance across the enterprise
Prepare and present weekly presentation status slides
The candidate may also provide general technical cybersecurity support in the areas of vulnerability assessment, risk assessment, network security, and security implementation. Additional general duties include implementation and support for protecting the confidentiality, integrity, and availability of sensitive information; providing input into the design of IS contingency plans; and conducting testing and audit log reviews to evaluate the effectiveness of current security measures.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)