Tier 2 Incident Response Deputy CIRT Lead
Company: Leidos Inc
Location: Ashburn
Posted on: May 26, 2023
Job Description:
The Leidos Intelligence Group is seeking a Tier 2 Incident Response Deputy CIRT Lead to support a highly visible contract with DHS. The Department of Homeland Security (DHS) Security Operations Center (SOC) Support Services is a US Government program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP), and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.

Leidos is seeking a Tier 2 Incident Response Deputy CIRT Lead to join our team on this highly visible DHS CBP SOC Program. This position will assist in supporting and managing a 24x7 shift schedule with approximately 12 team members.

The Incident Responder will perform the following:
* Coordinate investigation and response efforts throughout the Incident Response lifecycle
* Correlate and analyze events and data to determine the scope of cyber incidents
* Acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries, and scripts
* Recognize attacker tactics, techniques, and procedures as potential indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and Incident Response
* Develop, document, and maintain Incident Response processes, procedures, workflows, and playbooks
* Tune and maintain security tools (EDR, IDS, SIEM, etc.) to reduce false positives and improve SOC detection capabilities
* Document investigation and Incident Response actions taken in case management systems and prepare formal incident reports
* Create metrics and determine Key Performance Indicators to drive maturity of SOC operations
* Develop security content such as scripts, signatures, and alerts

The ideal candidate will possess:
* In-depth knowledge of each phase of the Incident Response life cycle
* Expertise in operating system (Windows/Linux) operations and artifacts
* Understanding of enterprise network architectures, including routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (firewalls, proxies, load balancers, VPN, etc.)
* Ability to recognize suspicious activity/events and common attacker TTPs, and to perform logical analysis and research to determine the root cause and scope of incidents
* Familiarity with the Cyber Kill Chain and experience using the ATT&CK Framework
* Scripting experience with Python, PowerShell, and/or Bash
* Ability to independently prioritize and complete multiple tasks with little to no supervision
* Flexible and adaptable self-starter with strong relationship-building skills
* Strong problem-solving abilities with an analytic and qualitative eye for reasoning
* Strong verbal and written communication skills
* Ability to communicate with all levels of audiences (subordinates, peers, and leadership)

Basic Qualifications:
* All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year Background Investigation (BI).
* Experience in the areas of incident detection and response, malware analysis, or computer forensics.
* Bachelor's degree in Computer Science, Engineering, Information Technology, Cyber Security, or a related field and 4-8 years of related experience. Additional years of experience and cyber certifications may be considered in lieu of a degree.
* Should have at least one of the following certifications: SANS GIAC (GCIH, GCIA, GCFA, GPEN, GCFE, GREM), CISSP, OSCP, OSCE, OSWP

Preferred Qualifications:
* Experience in cyber government and/or federal law enforcement FISMA systems.

Pay Range:
$78,000.00 - $120,000.00 - $162,000.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.