Cyber Incident Responder

Oak Ridge, TN, US

Powder River Industries

HUBzone, WOSB, SDVOSB, VOSB, data science, devsecops, cyber, oracle, tanium, program management, information technology, engineering services, architecture and engineering, Powder River Industries


Description

Powder River Industries, LLC provides technical services across the entire system development life cycle (SDLC). As a prime contractor, we are responsible for complete end-to-end system management of a customer's top secret enterprise mission systems, including data center operations, logistics support, configuration management, continuity of operations (COOP), and disaster recovery. As a subcontractor, we provide services in DevSecOps, software development, network administration, systems analysis, database administration, storage engineering, hardware engineering, and Tier 1 through Tier 3 support in traditional data center environments (bare metal frames), high performance computing (HPC) centers, cloud, and hybrid cloud. The cloud environments we operate in today are AWS, Microsoft Azure, and Oracle.

Requirements

  • Investigate, analyze, and respond to cyber incidents within the network environment or enclave
  • Coordinate and provide senior-level technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents
  • Determine the scope, urgency, and impact of cyber defense incidents
  • Coordinate incident response functions and recommend incident remediation strategies
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
  • Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs)
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Track and document cyber defense incidents from initial detection through final resolution
  • Coordinate with intelligence analysts to correlate threat assessment data
  • Perform cyber defense trend analysis and reporting
  • Notify designated managers and cybersecurity service provider team members of suspected security incidents, and communicate each event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan
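The log-analysis, alert-correlation and triage duties above (host, firewall and IDS logs; scope, urgency and impact) are the kind of work a responder usually scripts before it ever reaches a SIEM search. The following is an added example written for this page, not code from Powder River Industries or from any tool named in the posting. The log formats, signature names, IP addresses, priority levels and sample lines are all constructed for illustration, and the scoring rules are a hypothetical starting point that a real incident response plan would replace with its own severity matrix.

```python
"""Correlate firewall, IDS and host logs into triaged incidents.

Added example for this page (not the employer's or any vendor's code).
Log formats, signatures, addresses and scoring are constructed/hypothetical.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs in a hypothetical "timestamp ACTION key=value ..." format.
FIREWALL_LOG = """\
2024-05-02T10:00:01Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-02T10:00:04Z DENY src=203.0.113.7 dst=10.0.0.5 dport=445
2024-05-02T10:00:09Z ALLOW src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-02T10:15:00Z ALLOW src=198.51.100.20 dst=10.0.0.8 dport=443
"""
IDS_LOG = """\
2024-05-02T10:00:02Z ALERT sig=scan_ssh src=203.0.113.7 dst=10.0.0.5 priority=2
2024-05-02T10:00:11Z ALERT sig=rdp_from_external src=203.0.113.7 dst=10.0.0.5 priority=3
"""
HOST_LOG = """\
2024-05-02T10:00:13Z AUDIT host=10.0.0.5 event=logon_failure user=administrator src=203.0.113.7
2024-05-02T10:00:20Z AUDIT host=10.0.0.5 event=logon_success user=administrator src=203.0.113.7
2024-05-02T10:00:25Z AUDIT host=10.0.0.5 event=new_service name=svc_update src=203.0.113.7
2024-05-02T10:00:40Z AUDIT host=10.0.0.9 event=logon_success user=jdoe src=10.0.0.5
"""

KV = re.compile(r"(\w+)=(\S+)")
PRIVILEGED = {"administrator", "root"}  # hypothetical list of high-value accounts


@dataclass
class Event:
    ts: datetime
    source: str          # "firewall", "ids" or "host"
    action: str          # DENY / ALLOW / ALERT / AUDIT in the constructed format
    fields: dict[str, str]


def parse(source: str, text: str) -> list[Event]:
    """Parse the constructed format: ISO timestamp, action token, then key=value pairs."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, action, rest = line.split(" ", 2)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, source, action, dict(KV.findall(rest))))
    return events


def correlate(events: list[Event], window: timedelta = timedelta(minutes=15)) -> dict[str, list[Event]]:
    """Group events by originating IP and keep those within `window` of the first one seen."""
    by_src: dict[str, list[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if "src" in e.fields:
            by_src[e.fields["src"]].append(e)
    return {src: [e for e in evs if e.ts - evs[0].ts <= window] for src, evs in by_src.items()}


def triage(chain: list[Event]) -> dict:
    """Derive scope, urgency and impact for one correlated chain (illustrative scoring)."""
    hosts = {e.fields[k] for e in chain for k in ("dst", "host") if k in e.fields}
    host_events = [e.fields.get("event") for e in chain if e.source == "host"]
    failed, success = "logon_failure" in host_events, "logon_success" in host_events
    persistence = "new_service" in host_events
    privileged = any(e.fields.get("user") in PRIVILEGED for e in chain if e.source == "host")
    alerts = [e for e in chain if e.source == "ids"]
    allowed = any(e.source == "firewall" and e.action == "ALLOW" for e in chain)
    # Hosts where the source actually got in: the candidates for the attacker's next hop.
    compromised = {e.fields["host"] for e in chain
                   if e.source == "host" and e.fields.get("event") in ("logon_success", "new_service")}
    if success and (failed or persistence):
        level, reason = "P1", "successful logon preceded by failures or followed by persistence"
    elif alerts and allowed:
        level, reason = "P2", "IDS alert on a connection the firewall allowed"
    elif alerts or any(e.action == "DENY" for e in chain):
        level, reason = "P3", "blocked or alerted activity without host-level confirmation"
    else:
        level, reason = "P4", "no threat indicators"
    impact = "high" if (persistence or privileged) else "medium" if success else "low"
    return {
        "level": level, "reason": reason, "impact": impact,
        "urgency": "immediate" if level == "P1" else "next business day",
        "scope": sorted(hosts), "compromised": sorted(compromised),
        "alerts": len(alerts), "first_seen": chain[0].ts.isoformat(),
        "lateral_movement": False,
    }


def assess(firewall_log: str, ids_log: str, host_log: str) -> dict[str, dict]:
    """Build one incident per originating IP, then fold second-hop chains into their origin."""
    events = parse("firewall", firewall_log) + parse("ids", ids_log) + parse("host", host_log)
    incidents = {src: triage(chain) for src, chain in correlate(events).items()}
    for src in list(incidents):
        inc = incidents.get(src)
        if inc is None:          # already merged into another incident
            continue
        # A chain originating from a host this incident compromised is lateral
        # movement: widen the scope and stop tracking it as a separate incident.
        for hop in [s for s in incidents if s in inc["compromised"] and s != src]:
            other = incidents.pop(hop)
            inc["scope"] = sorted(set(inc["scope"]) | set(other["scope"]))
            inc["compromised"] = sorted(set(inc["compromised"]) | set(other["compromised"]))
            inc["lateral_movement"] = True
    return incidents


if __name__ == "__main__":
    for src, inc in assess(FIREWALL_LOG, IDS_LOG, HOST_LOG).items():
        print(src, inc["level"], inc["impact"], "scope=" + ",".join(inc["scope"]), inc["reason"])
```

In the constructed data the external address that was denied on 22 and 445, allowed on 3389, flagged by the IDS, and then seen authenticating as a privileged account and installing a service becomes a single P1 incident; the later logon from that host to a second internal host is folded in as lateral movement rather than reported as an unrelated event, which is what the "determine scope" and "track from initial detection through final resolution" bullets are asking for. The unrelated allowed HTTPS session stays a P4 so it does not compete for an analyst's attention.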

Non-Negotiable Requirements:

1. Q or Top Secret with investigation current within the last 5 years  

2. On-site, no remote  

3. Travel Required. One week, once per quarter.


Technical Environment: Microsoft, Linux, Splunk, Ansible, Tenable, GEMS 


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.   


Region: North America
Country: United States
