Incident Response Analyst (CSSP Incident Responder)

Clearance Level
Interim Top Secret
Category
Systems Analysis
Location
Doral, Florida

REQ#: RQ71950

Travel Required: Less than 10%
Requisition Type: Regular

Primary Responsibilities: Incident Response Analysts (CSSP Incident Responders) validate suspicious events or reports and determine whether the event constitutes an incident, identify the scope of the attack, isolate the responsible agents, and implement detection capabilities and countermeasures. Perform network and host-based digital forensics on Microsoft Windows systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents. Explore patterns in network and system activity via log correlation using security tools. Manage and perform forensics and report analysis per identified reporting procedures. Configure, manage, and utilize a variety of CND tools. Must have strong knowledge in identifying attack patterns associated with Advanced Persistent Threats (APTs) and their Tactics, Techniques, and Procedures (TTPs) in order to develop Indicators of Compromise (IOCs) that can be applied to current and future investigations.

Computer Network Defense Incident Responders must possess a thorough understanding of the Six Steps of Incident Response, the MITRE ATT&CK framework, and the Cyber Kill Chain model, as well as all aspects of computer and network security, including such areas as firewall administration, encryption technologies, and network protocols. Computer Network Defense Incident Responders need strong oral and written communication, analytical, and problem-solving skills, as well as excellent judgment and self-motivation. This position requires the ability to multitask and work well under pressure. It is important that Computer Network Defense Incident Responders keep abreast of industry security trends and developments, as well as applicable Government regulations.

Required Certifications:

Desired Certifications/Experience:

  • CCNA or MCSA
  • CySA+, GCIA, GCIH, or CISSP
  • QRadar
  • Cisco Sourcefire (IDS)
  • Cisco ASA firewalls
  • TippingPoint (IPS)
  • Joint Regional Security Stack (JRSS)
  • ArcSight
  • Blue Coat Web Proxy
  • Windows Event Logs
  • PowerShell
  • PCAP analysis
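The responsibilities above call for spotting attack patterns through log correlation, and the desired-experience list names Windows Event Logs and PowerShell. The script below is an added example written for this page, not material from the posting or from GDIT: it correlates Windows Security log events to flag a brute-force or password-spray pattern, namely a burst of failed logons (Event ID 4625) from one source IP followed within a short window by a successful logon (Event ID 4624) from the same IP. The event records, the function name Find-SprayThenSuccess, and the threshold and window values are assumptions for illustration; the sample events are constructed.

```powershell
# Added example (not from the job posting): correlate Windows Security events
# to flag "many 4625 failures then a 4624 success from the same source IP",
# a common sign of a brute-force or password-spray attempt that worked.
#
# The $events array is constructed sample data. On a live host you would
# populate it from the Security log instead, for example with:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 }
# and read IpAddress / TargetUserName out of each event's XML ($_.ToXml()).

$events = @(
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:14:01'; Id = 4625; User = 'jsmith';   Ip = '203.0.113.10' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:14:03'; Id = 4625; User = 'mjones';   Ip = '203.0.113.10' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:14:05'; Id = 4625; User = 'admin';    Ip = '203.0.113.10' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:14:07'; Id = 4625; User = 'svc_bkp';  Ip = '203.0.113.10' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:14:09'; Id = 4625; User = 'rlee';     Ip = '203.0.113.10' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T03:15:30'; Id = 4624; User = 'rlee';     Ip = '203.0.113.10' },
    # Benign noise: one typo from a workstation, then a normal logon.
    [pscustomobject]@{ Time = Get-Date '2020-11-02T08:01:10'; Id = 4625; User = 'agarcia';  Ip = '10.20.30.40' },
    [pscustomobject]@{ Time = Get-Date '2020-11-02T08:01:25'; Id = 4624; User = 'agarcia';  Ip = '10.20.30.40' }
)

function Find-SprayThenSuccess {
    <#
    .SYNOPSIS
      Returns one record per successful logon (4624) that was preceded, from the
      same source IP, by at least $FailureThreshold failed logons (4625) inside
      the previous $WindowMinutes minutes.
    #>
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $FailureThreshold = 5,    # assumed tuning value
        [int] $WindowMinutes    = 10    # assumed tuning value
    )

    $findings = @()

    # Correlate per source IP: the attacker's address ties the events together
    # even when the target usernames differ (password spray).
    foreach ($group in ($Events | Group-Object -Property Ip)) {
        $sorted    = $group.Group | Sort-Object -Property Time
        $failures  = @($sorted | Where-Object { $_.Id -eq 4625 })
        $successes = @($sorted | Where-Object { $_.Id -eq 4624 })

        foreach ($ok in $successes) {
            $windowStart = $ok.Time.AddMinutes(-$WindowMinutes)
            $priorFails  = @($failures | Where-Object { $_.Time -ge $windowStart -and $_.Time -le $ok.Time })

            if ($priorFails.Count -ge $FailureThreshold) {
                $findings += [pscustomobject]@{
                    SourceIp       = $group.Name
                    SuccessUser    = $ok.User
                    SuccessTime    = $ok.Time
                    PriorFailures  = $priorFails.Count
                    UsersAttempted = (($priorFails | ForEach-Object User | Sort-Object -Unique) -join ', ')
                }
            }
        }
    }

    return $findings
}

# With the constructed data, 203.0.113.10 is reported (5 failures across 5
# accounts, then rlee succeeds); 10.20.30.40 is not (a single failure).
Find-SprayThenSuccess -Events $events | Format-Table -AutoSize
```

The source IP and the list of attempted usernames in each finding are exactly the kind of artefact that becomes an IOC for the investigation: the IP can be pushed to the IDS/IPS and proxy block lists named in the experience list above, and the successful account (rlee here) is the first host-forensics pivot.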

Education Requirements: Higher Education Degree in Cyber Security, Computer Network Defense, or related field; or commensurate level of experience based on position level (Associate, Journeyman, Senior, etc.)

Clearance: Interim Top Secret with SCI eligibility

Shift Work: Yes; CSSP Incident Responders provide 24x7 support for the Cyber Security Service Providers (CSSP) capability during non-core business hours consistent with CSSP requirements as needed.

Travel: Less than 10%

#SCITES
#SCITESGDITReferrals

Know someone that would be a good fit for this role? GDIT is offering $10,000 external referral bonuses for referrals hired by December 31, 2020. You do not need to be a GDIT employee to be eligible. Email your referral’s resume to scitesreferrals@gdit.com.

We are offering referral bonuses for several open positions, view all qualified open positions.


We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.