Job#: 1270236

Job Description: Apex Systems is hiring a fully REMOTE Incident Response SME II for one of our government clients! If you are interested, please send a copy of your updated resume and any certifications to email@example.com

Position Overview:
The SME II defines the complex problems and performs detailed analysis and develops plans and requirements in the subject matter area for highly complex systems. Serves as Subject Matter Expert possessing in-depth knowledge or skills in a particular area such as information technology, telecommunications, security/cyber security operations, computer science engineering, software, mathematics, hardware, materials, business, state of the art technologies or program related subject matter. Individual will have high level skills in investigating and responding to cybersecurity threats, especially mobile threats, will make configuration recommendations and develop effective response strategies to complex threats for any aspect of the IT enterprise. Individual has unique capabilities or experience not available under other categories or requiring unique program related training or experience. Individual may be a recognized leader, pioneer or expert in their field.

Essential Functions, Responsibilities & Duties may include, but are not limited to:
- Provide enterprise-wide management of security incidents in unclassified, organization-managed network space, to detect, respond to and report all computer-related incidents, which includes daily monitoring of the organization's information systems, vulnerability remediation, intrusion detection, log reviews and malware tracking, as well as providing cyber threat analysis to proactively deter adversaries
- Provide infrastructure, operations, and maintenance support for network-based intrusion detection systems (Debian GNU/Linux) and other Security Information tools such as Event Management solutions (Splunk) and Network Security Management solutions (Skybox Security and Nessus)
- Conduct assessments, identification, and remediation of the individuals and /or systems affected
- Reporting of all information security incidents through the proper authority within the specified timeline
- Ensure that the Incident response program complies with applicable security policy, for example the Federal Information Security Management Act (FISMA) of 2002 and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, Rev. 2, US-CERT Federal Incident Notification Guide, and USAID Computer Security Incident Handling Guide
- Develop and update as necessary all procedures to identify and respond to incidents, to prevent or limit damage to the organization's assets
- Prepare and present subject matter expertise in executive threat briefs on the current threat environment
- Monitor, triage, prioritize events, and respond to alerts for further investigation. Complete, thorough, and detail-oriented work in a timely manner is a must.
- Investigate SIEM events, alerts, and tips to determine if an incident has occurred.
- Analyze CTI reporting & IOCs to improve network defenses and other security measures.
- Understanding of multiple log types including Windows, AD, Email, VPN, etc.
- Maintain situational awareness and keep current with cyber security news and threat actor Tactics, Techniques, and Procedures (TTPs).
- Document ongoing investigations and analysis using ticketing and incident reporting systems.
- Support the production of effective situational awareness products with relevant metrics and visualizations for key constituents and leadership.

Work Experience, Knowledge, Skills & Abilities:
- 7+ years of experience with two years specialized in information security.
- Bachelor's degree in computer science, information technology or related field
- Knowledge and expertise of each phase of the Incident Response life cycle
- Experience with cybersecurity tools to include Splunk, FireEye suite of tools, Palo Alto firewalls, and others
- Technical writing skills to document analysis outcomes within incident reporting systems
- Critical thinking skills
- Analytic skills and experience
- Strong teamwork and collaboration skills
- Good written and verbal communication skills
- Ability to work independently, with strong and consistent traits of self-motivation.
- CISSP and/or GIAC Certifications
- Top Secret Security clearance with the ability to hold SCI