Duties and Responsibilities
- Perform technical incident response investigations into cybersecurity related events and incidents
- Determine the nature, scope, and cause of incidents including root cause analysis
- Identify corrective actions and aid in the containment, eradication, and recovery of a given event and incident
- Track incident response activities, corrective measures taken, recommendations, and remediation status; complete incident reports for investigations as needed; provide or contribute to a weekly report of events and incidents
- Create and maintain incident response SOP in accordance with CJCSM 6510.01B, NIST SP 800-61R2, DoD regulations, and industry best practices
- Respond to and investigate cyber events and incidents that occur outside regular business hours
Qualifications and Requirements
- Active DoD 8570 IAT Level II certification or higher, meaning at least one of the following certifications in good standing: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.
- Active DoD 8570 CSSP Incident Responder certification a plus; qualifying certifications in good standing include CEH, CFR, CCNA Cyber Ops, CHFI, CySA+, GCFA, GCIH, SCYBER, or PenTest+
- Knowledge of Incident Response Handling Procedures (NIST SP 800-61)
- Familiarity with cyber adversary tactics and the frameworks that catalog them and their countermeasures (such as MITRE ATT&CK and D3FEND)
Experience/Education
- Bachelor's degree in Computer Science or a related field
- 7+ years in Information Technology or Information Security
- 3+ years in Cybersecurity Incident Response
- CIRT lead experience a plus