The CND-Incident Response Analyst will identify, isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of source types and locations. The CND-Incident Response Analyst is required to validate suspicious events or reports and determine if the event constitutes an incident. The CND-Incident Response Analyst will ensure incidents are properly entered into the appropriate automated reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to meet the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01 reporting requirements. The CND-Incident Response Analyst must have in-depth technical expertise with packet analysis, system log analysis, and SNORT / Suricata / BRO development and implementation.
Ensure associated documentation and capabilities remain compliant with CJCSM 6510.01A and other applicable policy directives.
Provide network intrusion detection and monitoring, correlation analysis, incident response and support for the Network Security Operations Center (NSOC) and its subscriber sites.
Validate suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate automated reporting systems.
Provide coordination of significant incidents with CYBERCOM and supported entities to ensure proper analysis is performed and timely, accurate reporting of the incident is effected.
Provide, develop, and maintain a forensic capability to enhance response to, support of, and investigation into significant network incidents in order to provide a clearer view of the exploits, vulnerabilities, and TTPs used to cause the incident.
Provide support for the NSOC’s Incident Response 24x7 support capability during non-core business hours consistent with CNDSP requirements as needed.
Participate in program reviews, product evaluations, and onsite certification evaluations.
Bachelor’s degree in Computer Science, Information Systems, or other related scientific or technical discipline.
To qualify based on your experience, your resume must describe at least 5 years of information technology experience and a minimum of 2-3 years of network security analysis using various IDS/IPS systems.
Active Secret clearance, upgradable to Top Secret/SCI, required.
8570.01-M CND Incident Responder category (IAT I, II, or III) certification required.
Excellent oral and written communications skills.
Familiarity with CJCSM 6510.01.
The ability to compile and maintain internal standard operating procedure (SOP) documentation.
Experience with Splunk, Flow Analysis Tools, IDS/IPS, etc.
In-depth technical expertise with packet analysis and SNORT / Suricata / BRO development and implementation.
Technical experience in reviewing and understanding systems logs to include Sysmon logs.
Familiarity with Linux at the CLI level and conducting analysis at the packet level.
The ability to ingest adversarial tactics, techniques, and procedures in order to remain flexible and functional.
Additional Information: Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CND Services Director and/or assigned manager.
Competency in the following areas:
Knowledge of Information Technology
Knowledge of Incident Response Procedures
Knowledge of Digital Forensics
Knowledge of Packet Analysis
Knowledge of System Log Analysis (Windows and Linux)
Logical thinking and analytical ability
The ability to solve problems independently
Verbal and written communication ability
Sound decision-making ability
AbleVets LLC appreciates your interest in our company as a place of employment. We are proud to be an equal opportunity/affirmative action employer and are committed to hiring and retaining a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability, veteran status, or any other protected class. AbleVets is a VEVRAA Federal Contractor.