CNDSP Incident Responder

Location: Huntsville, AL
Date Posted: 01-10-2019
All qualified resumes will receive feedback within 24 hours
Must have an Active Secret Clearance

Candidates will provide Incident Response actions to support the Computer Network Defense Service Provider program by:
  • Working with team Security Analysts and assisting the Computer Incident Response Team (CIRT) Lead in guiding first responder actions.
  • Recommending actions to the customer CIRT Lead to be taken in response to an on-going or post-discovery incident; this may include port or protocol blocks or other actions.
  • Conducting all incident handling IAW applicable DoD policies on identified systems with the customer system and network administrators to determine if an incident occurred.
  • Providing reports using DoD-established formats, to include operational impact.
  • Providing training and supervision of Security Analysts during shift operations.
  • Ensuring that all TTPs are being followed and updated as required.
  • Monitoring SIPRNET daily for updates and changes.
Candidates will provide shift work in support of monitoring a 24x7x365 Security Operations Center (C2SOC). Primary responsibilities include but are not limited to: Monitor, detect, analyze, investigate, report, and track security-related “events” such as signs of intrusion, compromise, misuse, and non-compliance. Utilize provided sensors, systems, and tools to monitor networks and systems for signs of intrusion, compromise, misuse, and non-compliance. Proactively monitor and track down anomalies, non-compliant systems, and other observed events that are detrimental to the overall security posture of the IT infrastructure. Support detection of vulnerabilities and of sophisticated and nuanced attacks, discern and remove false positives, and analyze the information generated by systems. Support scanning of devices on the network for network and system vulnerabilities. Support daily analysis of security logs to detect incidents. Support generation of metrics and reporting on a regular basis. Perform additional tasks or duties as assigned.

Perform analysis of log files from a variety of sources within the Network Enclave (NE) or enclave, to include individual host logs, network traffic logs / packet captures, firewall logs, and intrusion detection system logs, at least daily. Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. Assist in the construction of signatures which can be implemented on CND network tools in response to new or observed threats within the NE or enclave. Monitor appropriate security bulletins and report any security issues that may impact the IDS to the Customer Computer Network Defense Service Provider (CNDSP) Manager, CNDSP Incident Responders, DeCA CIRT Lead, other CNDSP-related personnel, and Customer Information Assurance personnel. IDS logs, databases, and security incident response reports are to be prepared and maintained.
Receive and analyze network alerts from various sources within the NE or enclave and determine possible causes of such alerts. Review and respond to events identified in the Host-Based Security System (HBSS). Coordinate with enclave CND staff to validate network alerts. Notify CND managers, CND incident responders, and other CNDSP team members of suspected CND incidents and articulate the event’s history, status, and potential impact for further action. An analysis of any suspicious internal and/or external action must be accomplished and reported to Customer CNDSP management based on established guidelines. Perform event correlation using information gathered from a variety of sources within the NE or enclave to gain situational awareness and determine the effectiveness of an observed attack.
Bachelor’s Degree or the equivalent. Minimum of two years of experience working in an operations center or in a setting in which the primary responsibility is collecting, analyzing, and interpreting information and remediating incidents/events. Two years of experience with information systems and the ability to manage records projects using both electronic and manual systems is required. Must have the following certifications: a DoD 8570 IAT Level III certification such as the CISSP (Certified Information Systems Security Professional) or CASP (CompTIA Advanced Security Practitioner). DoD 8140 CSSP Incident Responder certification preferred; required within 6 months. Demonstrate knowledge of IA and CND principles, concepts, and methodologies, and of tools such as: Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), RSA enVision, BlueCoat, Wireshark, Splunk, Sourcefire, and Gigamon. Candidate must hold a Secret security clearance. Full-time position located in Fort Lee, VA.