Alliant Information Technologies, Inc., a subsidiary of IndraSoft, Inc., is seeking a highly qualified Incident Responder with an active Top Secret clearance to support our DoD client, located in Alexandria, VA. The selected, highly motivated candidate will perform lifecycle Incident Responder activities for a complex, geographically dispersed, mission-critical enterprise. The successful candidate will leverage demonstrated experience in incident response, threat management, vulnerability management, asset management, and configuration management to support DoD cybersecurity requirements and objectives. To perform this job successfully, the selected candidate must be both a cybersecurity generalist, with significant experience across multiple technical domains, and a specialist in offensive cybersecurity tactics, techniques, and procedures (TTPs).
Active Top Secret clearance with T5/SSBI background investigation
Required Education, Experience, and DoD Cybersecurity Workforce Compliance:
Bachelor's degree in computer science, computer forensics, cybersecurity, information security, or similar technical discipline AND 3+ years of Incident Responder cybersecurity experience
For the exceptional candidate, an additional 4 years of military or civilian professional cybersecurity experience will be considered in lieu of a Bachelor's degree
Active DoD 8570 CSSP Incident Responder certification for compliance, including at least one of the following certifications in good standing: CEH, CYSA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SYCYBER
Conducting Incident Responder activities for a DoD enterprise environment (1000 servers plus 1500 workstations)
Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST and CJCSM 6510 policy and procedures
Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response
Development experience in languages such as C/C++, Java, Python, and Ruby, as well as experience in command line scripting languages such as Bash and PowerShell
Database security management with experience detecting and preventing SQL injection and other threats, and preferred certifications such as the Oracle Database Security Expert
Experience utilizing DoD tools, including the Assured Compliance Assessment Solution (ACAS) vulnerability scanner, host-based security system (HBSS), and McAfee ePolicy Orchestrator (ePO)
One or more penetration testing certifications, including: LPT, PenTest+, GPEN, GWAPT, GXPN, or OSCP
Systems architecture, engineering, and networking experience, with preferred certifications such as SSCP, Network+, CCNA, CCNP, CCIE, GISF, GCED, GPPA, or GDSA
Experience in threat, vulnerability, and risk management and mitigation, with preferred certifications such as CySA+, GEVA, GCTI, GMON, CRISC, or CISA
Experience supporting all aspects of diverse endpoint systems, with preferred certifications such as Linux+, Server+, GCWN, GCUX, MCSA, MCSE, or SCCM
Knowledge of and experience administering, optimizing, and securing cloud environments, with preferred certifications such as Cloud+, CCSP, AWS Certified Security, AWS Certified Advanced Networking, Oracle Cloud Infrastructure Certified Associate, or Oracle Cloud Infrastructure Certified Architect Professional
This role requires a passion for cybersecurity, outside-the-box thinking, and the drive and intellect to uncover and connect discrete data points to build comprehensive threat and vulnerability analyses.
Serve as the primary incident responder for the DoD customer
Support all aspects of Computer Security Incident Response activities for a large enterprise, including coordination with other government agencies and reporting of incidents
Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
Conduct highly technical examinations, analysis, and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations, leveraging all cybertools
Reconstruct events from network, endpoint, and log data
Support vulnerability and penetration testing
Ensure the secure handling of digital evidence and matter confidentiality.
Identify recurring incidents within a customer's environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues.
Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
Assist with implementation of countermeasures or mitigating controls as needed
Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
Recommend changes or improvements to the incident management system
Close incidents and prepare incident reports of analysis methodology and results
Communicate effectively and articulate the identified issues and resolution steps to bring the customer's incident to a resolved state
Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
Track, measure and evaluate Incident Response compliance across the enterprise
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)