CND Incident Response Analyst - Secret - Tampa, FL

Clearance Level
Secret
Category
Systems Engineering
Location
MacDill AFB, Florida

REQ#: RQ47852

Travel Required: Less than 10%

US Battlefield Information Collection and Exploitation System eXtended (US BICES-X) is a cutting edge program supporting DoD intelligence information sharing on current and emerging global threats to mission and coalition partners and emerging nations. With an internationally dispersed team supporting each combatant command, the US BICES-X team is in direct support of the warfighter and their missions. We are seeking a creative and driven professional with a passion for solving real world issues on a cross-functional, fast paced team.

Mission Statement: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Responsibilities

  • Monitor and create Splunk alerts
  • Monitor HBSS
  • Monitor and create Fidelis alerts
  • Monitor and create IDS rules
  • Monitor and update Splunk ES and SIEM
  • Monitor FW Logs and FW Blocks
  • Develop indicators for detections using Splunk, Fidelis, etc.
  • Monitor Network Flows
  • Review Device Logs
  • Monitor DCO and Cybercom chat rooms for new indicators
  • Initial Triage for Detected Incidents
  • Daily Status report for Open Incidents
  • Maintain Daily Operations Log for Incident Detection
  • Should have a good understanding of how to build dashboards and custom queries for incident response in systems including, but not limited to, HBSS, ACAS, Fidelis, and IDS systems
  • Assist and train Detection analysts on incident response actions
  • Provide incident detection through an understanding of malware and how to defend against and mitigate infections. Triage malware, extracting relevant host- and network-based indicators from malware samples.
  • Complete all triage and Incident Response actions IAW US BICES Policies and leadership guidance.
  • Work with Program Office Divisions (And other units as needed), to remediate incidents, acquire the 5w’s and ensure the incident has been rectified and documented appropriately.
  • Work with the Information Assurance Team, Security Manager and GOVT ISSM to ensure any data spills are handled appropriately. Manage the data spill process, working with external agencies as required to ensure cleanup and mitigation is accomplished within the required times set out by the government.
  • Produce Daily Status updates on all Open Incidents and report appropriately in US BICES ITSM systems and portals. Document and manage incident cases in our case management systems and meet all program SLA’s.
  • Produce AAR for all closed Incidents.
  • Remotely access machines to remove unauthorized software and eradicate malware
  • Assist in the development and stand up of the incident response division
  • Coordinate with and provide expert technical support to enterprise-wide computer network defense (CND) technicians to resolve CND incidents
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Receive and analyze network alerts from various sources within the enterprise and determine
  • Manage alerts, dashboards, and reports from the Security Incident Event Manager (SIEM).
  • Work with vendors to ensure the CND tool suites detect and capture required cyber incidents, including the latest industry threats and zero-days, etc.
  • Review intelligence reports and provide a daily cyber assessment of the impact to US BICES networks.
  • Recognize and codify attacker tools, tactics, and procedures (TTPs) in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Utilize network and endpoint defensive tools to identify and analyze potential breaches or threat activity
  • Research and develop methods of tracking and detecting malicious activity within a network
  • Be available for after-hours support when required. Incident response is a vital position for responding to critical cyber-attacks, and our Enterprise is a 2/7 operation.
  • Participate in "hunt missions" using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors, alongside protection teams, on customers' networks
  • Continuously improve processes for use across multiple detection sets for more efficient operations

Other Responsibilities:

  • Manage Incidents from Detect team and complete all actions.
  • Work with Program Office Divisions (And other units as needed), to remediate incidents, acquire the 5w’s and ensure the incident has been rectified and documented appropriately in accordance with approved Standard Operating Procedures.
  • Work with the Information Assurance Team, Security Manager and GOVT ISSM to ensure any data spills are handled appropriately. Manage the data spill process, working with external agencies as required to ensure cleanup and mitigation is accomplished within the required times set out by the government.
  • Assist in the development of incident response documentation and SOPs
  • Produce AAR for all closed Incidents.
  • Remotely access machines to remove unauthorized software and eradicate malware.

Qualifications

Required Qualifications:

8+ years of related experience in data security administration. Must possess a Secret clearance; the program will hold an SCI if already current. Must meet DoD 8570 requirements and be eligible for IAT Level II and CDSP Incident Response access upon hire for positions with elevated privileges, and must obtain ITIL V3 Foundation within six months of hire. Comprehensive knowledge of data security administration principles, methods, and techniques. Certification in one or more specific technologies may be required, depending on job assignment. Requires familiarity with domain structures, user authentication, and digital signatures. Requires understanding of firewall theory and configuration. Requires understanding of DHS/DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies.

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.