TEKsystems - Pearl City, HI

posted 3 months ago

Full-time - Mid Level
Pearl City, HI
10,001+ employees
Professional, Scientific, and Technical Services

About the position

TEKsystems is seeking a Cyber Security Incident Response Analyst to support a cleared position in the Department of Defense (DoD). This role is critical in identifying, isolating, investigating, informing, and implementing measures to detect and protect data across a wide spectrum of sources and locations. The position requires a Secret security clearance, which will be upgraded to Top Secret. As a Cyber Security Incident Response Analyst, you will be responsible for validating suspicious events or reports to determine if they constitute an incident. You will ensure that incidents are properly documented in the appropriate reporting systems and assess the severity of each incident. In this role, you will maintain familiarity with the CJCSM 6510.01B and compile and maintain internal standard operating procedure (SOP) documentation. You will ensure that all associated documentation and capabilities remain compliant with CJCSM 6510.01B and other applicable policy directives. Your responsibilities will include providing network intrusion detection and monitoring, correlation analysis, incident response, and support for the Cybersecurity Service Provider (CSSP) and its subscriber sites. You will coordinate with JFHQ-DoDIN and supported entities regarding significant incidents to ensure proper analysis and timely reporting. The position requires you to provide 24x7 support for the CSSP's Incident Response capability during non-core business hours as needed. You will perform network and host-based digital forensics on Microsoft Windows-based systems and other operating systems to enhance response and investigation into significant network incidents. A working knowledge of full packet capture (PCAP) analysis and tools such as Wireshark is essential.
You will explore patterns in network and system activity via log correlation using Splunk and other supplemental tools, and you should possess an understanding of IDS/IPS solutions, including signature development and implementation. Participation in program reviews, product evaluations, and onsite certification evaluations will also be part of your duties. The role may require up to 15% travel and overtime as needed to support incident response actions, with operations conducted 24/7/365 across three primary shifts.

Responsibilities

  • Identify, isolate, investigate, inform, and implement measures to detect and protect data.
  • Validate suspicious events or reports to determine if they constitute an incident.
  • Ensure incidents are properly entered into the appropriate reporting system and assess their severity.
  • Maintain familiarity with CJCSM 6510.01B.
  • Compile and maintain internal standard operating procedure (SOP) documentation.
  • Ensure compliance with CJCSM 6510.01B and other applicable policy directives.
  • Provide network intrusion detection and monitoring, correlation analysis, and incident response support for the CSSP.
  • Coordinate with JFHQ-DoDIN and supported entities regarding significant incidents for proper analysis and reporting.
  • Provide 24x7 support for the CSSP's Incident Response capability during non-core business hours.
  • Perform network and host-based digital forensics on Microsoft Windows and other operating systems.
  • Conduct full packet capture (PCAP) analysis and utilize tools like Wireshark.
  • Explore patterns in network and system activity via log correlation using Splunk and other tools.
  • Understand IDS/IPS solutions, including signature development and implementation.
  • Participate in program reviews, product evaluations, and onsite certification evaluations.

Requirements

  • 4+ years of experience in a Cybersecurity Service Provider (CSSP) environment or similar experience.
  • Must be IAT II and CND IR compliant.
  • IAT II Certs and Above: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP.
  • CSSP Certs: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+, SSCP, CHFI, CND, GCFA, CISA, GSNA, CISM, CISSP, CCISO.

Benefits

  • Medical, dental & vision
  • Critical Illness, Accident, and Hospital
  • 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
  • Life Insurance (Voluntary Life & AD&D for the employee and dependents)
  • Short and long-term disability
  • Health Spending Account (HSA)
  • Transportation benefits
  • Employee Assistance Program
  • Time Off/Leave (PTO, Vacation or Sick Leave)