ID: #7444737
Job type: Permanent
Salary: USD
Source: Indrasoft, Inc.
Date: 2020-12-28
Deadline: 2021-02-26
7009- SOC Manager/ Senior Incident Response Forensic an
Seaside, California 93955, USA. Permanent
Vacancy expired!
- Active Top Secret clearance with T5/SSBI background investigation
- Bachelor's degree in computer science, information technology, network technology, network administration, cybersecurity, information security, or a similar discipline AND 5+ years of incident response experience, including 1 year as an Incident Response Lead or Manager, preferably in support of the DoD or other federal clients
- For the exceptional candidate, an additional 4 years of military or professional cybersecurity experience will be considered in lieu of a Bachelor's degree
- Active DoD 8570 CSSP Incident Responder certification for compliance, including at least one of the following certifications in good standing: CEH, CySA+, CFR, CCNA Cyber Ops, CCNA Security, CHFI, GCFA, GCIH, SCYBER
- Active DoD 8570 IAT Level II or III certification, including at least one of the following certifications in good standing: Security+, CySA+, CISSP, CASP+, CCNA Security, GICSP, GSEC, CND, SSCP, GCED, GCIH
- Experience conducting Incident Responder activities for a DoD enterprise environment (1000+ servers plus 1500+ workstations)
- Knowledge of DoD cybersecurity policies, practices, and requirements, specifically including NIST and CJCSM 6510 policy and procedures
- Experience with digital investigations including: incident handling and response, network and computer forensics, malware and memory analysis
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
- Capacity to thrive in a complex, chaotic environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
- Willing to work overtime, holidays, and weekends as necessary to support cybersecurity initiatives and incident response
- Must have the ability to maintain an active Top Secret clearance
- Leadership experience with direct reports in a cyber environment
- Experience in a DoD enterprise environment (1500+ servers plus 2500+ workstations)
- Knowledge of CJCSM 6510 policy and procedures
- Experience with ServiceNow or similar service management/ticketing systems
- Ability to prioritize workload and competing demands
- Database security management experience, including detecting and preventing SQL injection and other threats; certifications such as Oracle Database Security Expert preferred
- Experience using DoD tools, including the Assured Compliance Assessment Solution (ACAS) vulnerability scanner, the Host Based Security System (HBSS), and McAfee ePolicy Orchestrator (ePO)
- Experience applying troubleshooting techniques across various server, application, and network technologies including:
- Operating systems: Windows, RHEL, and the relevant DoD STIGs
- Networking: TCP/IP, inspection tools, and network devices
- ArcSight, Cisco FireSIGHT
- DoD tools: vulnerability scanners (ACAS/Nessus) and HBSS (McAfee ePO and point products)
- Wireshark
- EnCase
- Serve as Security Operations Center (SOC) Manager and Senior Incident Responder
- Serve as the IndraSoft/AIT Line Manager, providing managerial support including, but not limited to, timesheet reviews, performance reviews, employee engagement, and management presentations
- Provide technical/functional guidance spanning all SOC tools used to investigate suspicious and potentially malicious activity within the network and systems
- SOC
- Manage the daily activities across a small SOC
- Foster a culture of process improvement, critical thinking, adaptability, and a positive can-do attitude
- Champion and develop a plan for the expansion of the SOC with the DoD Customer
- Incident Response
- Support all aspects of Computer Security Incident Response activities for a large enterprise, including coordination with other government agencies and reporting of incidents
- Conduct analysis of cyber incidents and remediate or recommend remediation as appropriate in accordance with established incident response processes (detection, triage, incident analysis, remediation and reporting)
- Conduct highly technical examination, analysis, and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations, leveraging all available cyber tools
- Reconstruct events from network, endpoint, and log data
- Support vulnerability and penetration testing
- Ensure the secure handling of digital evidence and matter confidentiality.
- Identify recurring incidents within a customer's environment and determine the need to escalate to the appropriate technical resources, ensuring resolution of more complex issues
- Recognize potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Assist with implementation of countermeasures or mitigating controls as needed
- Request and analyze on-demand system audits or vulnerability assessments when necessary to determine compliance
- Recommend changes or improvements to the incident management system
- Customer Engagement
- Engage customers in a professional manner, resolving requests and incidents with a high sense of urgency and ownership
- Communicate effectively and articulate the identified issues and resolution steps to bring the customer's incident to a resolved state
- Audits
- Participate in external and internal audits and assessments
- Support external Pen Testing teams
- Documentation
- Close incidents and prepare incident reports of analysis methodology and results.
- Be responsible for quality control of incident reports
- Support workflow development in the ServiceNow Incident Response module
- Develop security policies and procedures
- Develop and maintain Incident Response Plan and Testing
- Track, measure and evaluate Incident Response compliance across the enterprise
- Prepare and present weekly presentation status slides