Location: Alexandria, VA 22310
Shift: Shift open: 7PM-7AM Thursday - Saturday and an 8 hours shift every other Wednesday.
Our client, a Service-Disabled Veteran-Owned business, was founded in 2005 to address the IT and infrastructure challenges facing Federal government agencies. Since that time, our client has established itself as one the fastest growing providers of technology and consulting services across Federal government, State and Local government, and commercial enterprises. Our staff maintain expertise spanning a wide spectrum of IT management, technology, and service solutions. We are repeatedly recognized as a “Best Place to Work” for maintaining an exceptional work environment for our employees. Our client is appraised at Capability Maturity Model Integration (CMMI) Level 3 and holds ISO 20000-1:2011 and ISO 27001:2013 certifications. Through our clients’ Horizon®, our customers are able to consume technology and services traditionally, cloud-enable their data centers on premises through our ‘as a Service’ offerings, or transition services off premises to our clients cloud environment.
Repeatedly recognized as an elite public sector IT provider, our client has a well-documented history of dedication to its staff. They have been recognized as an exceptional work place by The Washington Post and Washington Business Journal and were named to Inc. Magazine’s definitive top 100 of America’s Strongest and Most Strategic Growth Firms. These accolades do not come by chance. They are the result of a company that takes stock in the working environment it creates and a corporate approach that is designed to care for, enhance, and appreciate every employee—which invariably translates into more competently-delivered, higher-value services for its clients.
Incident Handlers are part of a team that will maintain twenty four (24) hours a day, seven (7) days a week, three hundred sixty five (365) days per year, incident handling capability. Incident Handlers must be proven team players with excellent oral and written communications skills. Incident Handlers must be capable of working on projects independently. Frequent interaction with government client is required.
- Bachelor's degree in Computer Science or Information systems OR minimum six (6) years of relevant professional experience
- Mid-Range IR: Minimum four (4) years IT experience with at least two years hands-on incident response responsibility
- Senior IR: Minimum six (6) years IT experience with at least four (4) years hands-on incident response responsibility
- Experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).
- Must have the ability and prior experience with analyzing information technology security events to discern events that qualify as a legitimate security incidents as opposed to non-incidents. This includes the identification of malicious code present within a computer system as well identification of malicious activities present within a computer system and/or enterprise network.
- Must possess excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings
- Must possess excellent organizational and attention to details skills
- Must possess a working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also required.
- Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common Internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
- Must have experience working with various event logging systems and must be proficient in the review of security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required - preferably at least one year's hands on experience with Splunk queries.
- Must have proficiency in utilizing various packet capture (PCAP) applications/engines and in the analysis of PCAP data
- Must have experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
Essential Functions and Responsibilities:
- Receive, document, and report cyber security events.
- Categorize incidents and implement corresponding escalation procedures.
- Communicate and coordinate incident response efforts.
- Conduct daily operational update meetings for SOC staff and unscheduled situational update briefings for government leaders.
- Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
- Provide telephone, e-mail and ticket service to customers.
- Reference applicable departmental and operating administration policies in work products
- Access, secure and inspect local classified information processing areas.
- Any other duties as requested by the Contracting Officer Representative and SOC management.
Success Factors / Job Competencies:
- Ability to determine areas that can be improved and taking the lead on those project areas
- Ability to make yourself clearly understood in incident handling situations to include interaction with onsite and offsite government personnel, contractor staff and senior managers
- Willingness to teach other analysts what you know to improve the overall capabilities of the CSOC
Physical Demands and Work Environment:
- Limited movement of desktops and printers
- Free parking onsite, free metro access bus (Springfield Metro) from 7:00 AM - 7:00 PM
- Shift will be 7:00 PM - 7:00 AM Sunday - Tuesday/Wednesday or Wednesday/Thursday - Saturday (alternating start and end days based on bi-weekly cycle of 12-hour shifts)
- Excellent team environment