As the CIRT Monitoring Team Lead, you’ll focus on helping build and improve detection capabilities, while leading a monitoring team that is focused on protecting the enterprise from threat actors. This position will involve coordinating and/or participating in high-priority investigations, identifying process improvements, and preparing reports for management and the client.
Supervise monitoring analysts in detecting security issues and triaging alerts
Coordinate incident response functions
Assist with project planning and identification of mitigation activities
Identify and recommend process creation and improvements
Identify advanced techniques and coordinate to improve analysis capability
Provide timely, comprehensive, and accurate information in both written and verbal reports
Mentor other analysts and incident handlers on analysis and security tools
Required: Basic Requirements
Knowledge of the TCP/IP networking stack and network technologies
Sound understanding of analysis methodologies
Familiarity with attack and defense frameworks
Ability to triage and prioritize alerts
Knowledge of Windows and/or Linux Architecture
Experience with Splunk, Linux CLI & Windows AD
Desired Skills: Preferred but not required
Knowledge of the Splunk processing language, query building, alerts, dashboards, and report generation
Experience developing cyber-intrusion detection system signatures, e.g. Snort, YARA
Experience writing shell scripts or Python code to analyze machine data
Knowledge of full packet capture, PCAP analysis, and accompanying tools
Familiarity with NIST Standards on cybersecurity and incident handling (800-53, 800-61)
Detailed knowledge of applicable security tools, technologies, and trends
Excellent written and verbal communication skills
CISSP and/or CASP+
SANS GCIH and/or GCIA
Certified Ethical Hacker and/or CySA+
Basic knowledge of Python, Java, C, and/or C++
Bachelor's degree or equivalent education and work experience
COVID-19 Vaccination Requirement: To protect the health and safety of its employees and to comply with customer requirements, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.