CND/Incident Response Analyst
Fort Meade, Maryland
Applications have closed
Cask Technologies
Cask Government Services provides technology consulting services for government and large enterprises to help achieve your goals. Contact us to learn more.
Cask is a leading Management Consulting firm specializing in delivering business and technical expertise to clients across commercial and government markets. Join the many happy employees at Cask! We have been named a top 5 firm to work for by Consulting Magazine for 5 of the past 6 years.
Responsibilities
- The contractor shall assist with analysis of actions taken by malicious actors in order to determine initial infection vector, establish a timeline of activity, and any data loss associated with incidents.
- Provide Python Programming, PowerShell Programming, and Script Development.
- Coordinate with and provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities, and make recommendations enabling remediation.
- Monitor external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, Storage Area Networks (SANs), Security Focus), update the CND threat condition, and determine which security issues may have an impact on the enterprise.
- Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security and perform command and control functions in response to incidents.
- Perform CND incident triage, to include determining, urgency, and potential impact; identifying the specific vulnerability; and making written recommendations that enable expeditious remediation.
- Utilize forensically sound collection techniques of images and inspect to discern mitigation/remediation on enterprise systems, perform real-time CND incident handling (e.g.,
- Forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs).
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts and track and document CND incidents from initial detection through final resolution.
- Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, and security robustness), collect intrusion artifacts (e.g., source code, malware, and trojans), and use discovered data to enable mitigation of potential CND incidents within the enterprise.
Requirements
- Clearance Required: TS/SCI with counter-intelligence polygraph
- IAT level III or CSSP Incident Responder certification with documented additional education, specialization, or certification in one of the technologies or tools listed below:
- 5 years of experience in a majority of the below:
- System Architecture
- - Network Engineering
- - Systems Engineering
- - Virtual Environments
- Scripting
- - Powershell
- - Python
- - RegEx
- Forensics
- - Dead disk and memory interrogations
- - Malware analysis/reverse engineering
- Additional Preferred Experience
- - SCADA Systems
- - Cloud Environments
- - Database Administration
- - Hunt Methodologies
- - SEIM Operations (Splunk/Security Onion)
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
5
0
0
Categories:
Analyst Jobs
Incident Response Jobs
Tags: Clearance Clearance Required Cloud CND Firewalls Forensics IDS Incident response Intrusion detection Log files Malware Network security Polygraph PowerShell Python Reverse engineering SANS SCADA Scripting Splunk TS/SCI Vulnerabilities
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsSenior Network Security Engineer jobsCloud Security Architect jobsStaff Security Engineer jobsInformation System Security Officer jobsSenior Penetration Tester jobsChief Information Security Officer jobsSecurity Specialist jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Information Security Analyst jobsCyber Security Architect jobsSenior Product Security Engineer jobsSecurity Operations Analyst jobsCybersecurity Consultant jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobsSenior Security Architect jobs
Malware jobsSDLC jobsSaaS jobsForensics jobsEncryption jobsRMF jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsDoDD 8570 jobsFinance jobsBash jobsTerraform jobsUNIX jobsITIL jobsOWASP jobsTCP/IP jobsIntrusion detection jobsCRISC jobsGIAC jobsDocker jobs
SANS jobsCompTIA jobsData Analytics jobsActive Directory jobsCCSP jobsOSCP jobsThreat detection jobsBanking jobsPolygraph jobsClearance Required jobsVPN jobsSOC 2 jobsCyber defense jobsJavaScript jobsIT infrastructure jobsDNS jobsAnsible jobsSOAR jobsGCIH jobsOracle jobsJira jobsSOX jobsSecurity strategy jobsCryptography jobsSAP jobs