SAIC

CND Cyber Incident Responder - Fort Meade, MD

Security Engineer in Willing to consider other US cities , Baltimore, MD

Posted 2019-03-01
Description

The Computer Network Defense (CND) Analyst shall identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network to mitigate immediate and potential network and host threats.

JOB RESPONSIBILITIES:
The individual shall perform computer network defense (CND) incident triage, to include determining urgency, and potential impact
Identifying the specific vulnerability
Making recommendations that enable expeditious remediation
Making recommendations that enable expeditious remediation, perform initial, forensically sound collection of images and inspect to determine mitigation/remediation on enterprise systems
Perform real-time computer network defense (CND) incident handling (e. g., forensic collection, intrusion correlation/tracking, threat analysis, and direct system remediation) task to support Incident Response Teams, receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, and track and document computer network defense (CND) incidents from initial detection through final resolution.
The candidate should be able to employ defense-in-depth principles and practices, collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise.
Assist with analysis of actions taken by malicious actors to determine initial infection vectors, establish a timeline of activity and any data loss associated with incidents.
Must be experienced in the use of various incident response tools (e.g., Acunetix, Adobe, Cobalt Strike, FireEye, Fluke Networks Air Magnet, F-Response, Encase Guidance Software, IDA Pro, McAfee Advance Threat Defense, Network Miner Pro, Palo Alto, Burp Suite Professional, Metasploit Rapid 7, Red Seal, Splunk, VMWare, Domain Tools, Virus Tools, Microsoft Products, Operating Systems (e.g., Windows OS 2008 and 2012; Linux).
Must be experienced with programming tools such as Python, PowerShell and also able to develop Scripts with Scripting languages/tools.
The candidate must be able to provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities and to make recommendations enabling remediation. Must have experience monitoring external data sources (e.g., computer network defense vendor sites, Computer Emergence Response Teams, SANS, Security Focus), update the CND threat condition, and determine which security issues may have an impact on the enterprise.
Must have experience analyzing log files, firewalls, firewall logs, and intrusion detection systems and IDS Logs to identify possible threats to network security, and to perform command and control functions in response to incidents

REQUIRED EDUCATION, EXPERIENCE, AND QUALIFICATIONS:
Bachelors Degree in Computer Science and a minimum of ten (10+) years of experience; or seven (7) years of experience with a Master's Degree. Additional years of experience could potentially be considered in lieu of degree.
At least ten (10) years of work experience in incident response.
Experience performing computer network defense (CND) incident triage
Must have experience performing Incident Response as it pertains to a post exploited host/compromised network
Must have experience with forensically interrogating and analyzing Microsoft Windows Operating Systems (Windows 7/10/2008R2/2012R2)
Must have experience with forensically interrogating and analyzing Linux Operating Systems
Must have experience and understanding of what and how to examine computer memory, process dumps, binary images with Open Source Software tools
Must have a firm understanding and experience of how to examine Windows and Linux host-based artifacts in the conduct of Incident Response actions
Must have an understanding and knowledge of which artifacts to collect in order to effectively triage and identify anomalies within an Operating System
Must possess fundamental and experience of sound operating system theory with the following:
Kernel Mode/User Mode
Memory Management
Processes, threads, run-time stack
System level Dynamically Loaded Libraries (DLLs)
Registry
Must have experience performing computer programming tasks employing a scripting language within Microsoft Windows and GNU/Linux environment
Must have experience performing computer programming tasks with Microsoft PowerShell programming from a Digital Forensic/Incident Response perspective (PowerShell programming is a very critical capability).
Must have experience Python Programming and must have experience reading and writing to a SQL database; must have experience processing JSON formatted data (import/export); can read from and write to files from a fixed and removed storage device; can programmatically write scripts to collect, filter, evaluate OS artifacts, and/or Network Packet Captures (PCAP) for threat analysis and signs of intrusion.
Experience with programming tools such as Python, PowerShell and must have experience writing scripts
Must have an IAT Level III certification (CISSP, GCED, CASP CE, CCNP Security, CISA, GCIH)

DESIRED EDUCATION, EXPERIENCE, AND QUALIFICATIONS:
Experience performing computer programming tasks with Python Programming (can read from and write to a SQL database, can process JSON formatted data (inport/export), can process SML formatted data (import/export), can read from and write to files from a fixes and removable storage, can programmatically write scripts to collect, filter, evaluate Operating System artifacts and/or Network Packet Captures for threat analysis and signs of intrusion)

CLEARANCE REQUIREMENTS:
Must have an active TS/SCI Clearance with Polygraph

Ready to be Seen?

Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.

Be Seen in a new Security Engineer job

Skip the search

Zero stress and one profile that can connect you directly to 1000s of companies.

Best-fit jobs—for you

We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.

Free Career Coaching

Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.

You get tech. We get you.

Join now and Be Seen.