2017-11-10 to 2017-12-08

Incident Response/Watch Officer

Fort Meade, MD 20755
Job Code: 587221
Pay rate: $130,000 to $140,000

Computer Network Defense / Incident Response Analyst Job

Location: Ft Meade

Company: SAIC

Computer Network Defense / Incident Response Analyst

Clearance: TS/SCI

Description:

The CND Analyst shall identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network, in order to mitigate immediate and potential network and host threats.

The individual shall perform computer network defense (CND) incident triage, to include determining urgency and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation; perform initial, forensically sound collection of images and inspect them to determine mitigation/remediation on enterprise systems; perform real-time CND incident handling tasks (e.g., forensic collection, intrusion correlation/tracking, threat analysis, and direct system remediation) to support Incident Response Teams; receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; and track and document CND incidents from initial detection through final resolution. The candidate should be able to employ defense-in-depth principles and practices, collect intrusion artifacts (e.g., source code, malware, and Trojans), and use discovered data to enable mitigation of potential CND incidents within the enterprise.

The candidate must be able to provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities, and make recommendations enabling remediation. Must have experience monitoring external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS, Security Focus), updating the CND threat condition, and determining which security issues may have an impact on the enterprise. Must have experience analyzing log files, firewalls, firewall logs, intrusion detection systems, and IDS logs to identify possible threats to network security, and performing command and control functions in response to incidents.

Assist with analysis of actions taken by malicious actors to determine initial infection vectors and to establish a timeline of activity and any data loss associated with incidents. Must be experienced in the use of various incident response tools (e.g., Acunetix, Adobe, Cobalt Strike, FireEye, Fluke Networks AirMagnet, F-Response, EnCase (Guidance Software), IDA Pro, McAfee Advanced Threat Defense, NetworkMiner Pro, Palo Alto, Burp Suite Professional, Metasploit (Rapid7), RedSeal, Splunk, VMware, DomainTools, Virus Tools, Microsoft products) and operating systems (e.g., Windows OS 2008 and 2012; Linux).

Note that performance under this task may occur outside of normal business hours depending on the timing and nature of an incident. The government estimates that approximately 160 hours per year will be after-hours support under this task.

Qualifications:

Required Qualifications:

- 10 years of recent work experience in incident response
- Bachelor's Degree in Computer Science
- Must have an IAM Level III certification (GSLC, CISM, or CISSP) or the ability to obtain one within 6 months of employment
- Experience performing computer network defense (CND) incident triage
- Experience forensically interrogating and analyzing Microsoft Windows Operating Systems (Windows 7 / 10 / 2008 R2 / 2012 R2)
- Experience performing computer programming tasks with Microsoft PowerShell from a Digital Forensic / Incident Response perspective
- Experience performing computer programming tasks with Python

SAIC Overview:

SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.

Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time

Further Detail:

1. Can perform Incident Response as it pertains to a post-exploited host / compromised network.
   - Competently and forensically interrogate/analyze Microsoft Windows Operating Systems (Windows 7 / 10 / 2008 R2 / 2012 R2).
   - Understands what and how to examine memory, process dumps, and binary images using Open Source Software tools.
   - Understands what and how to examine Windows host-based artifacts in the conduct of Incident Response actions.
   - Understands which artifacts to collect in order to effectively triage and identify anomalies within the Operating System.
   - Possesses fundamentally sound Operating System theory:
     + Kernel Mode / User Mode
     + Memory Management
     + Processes, threads, run-time stack
     + System-level Dynamically Loaded Libraries (DLLs)
     + Registry

2. Can competently perform computer programming tasks employing a scripting language within a Microsoft Windows and GNU/Linux environment.
   - PowerShell programming from a Digital Forensic / Incident Response perspective: PowerShell programming is a very critical capability.
   - Python programming:
     + Can read from and write to a SQL database
     + Can process JSON formatted data (import / export)
     + Can process XML formatted data (import / export)
     + Can read from and write to files on fixed and removable storage
     + Can programmatically write scripts to collect, filter, and evaluate Operating System artifacts and/or Network Packet Captures (PCAP) for threat analysis and signs of intrusion

3. Effectively work within a team in the conduct of Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM).

Categories: Information Technology

Randstad utilizes a technology-driven focus with a human touch to provide better staffing and business solutions to organizations around the world. Our team of experts matches professionals with available career opportunities in a variety of fields.
