Incident Handler

Monterey, California

Netcentrics Corp
Who We Are

NetCentrics proudly holds a distinguished position as a leader in cybersecurity, cloud, digital transformation, and mission support. With an esteemed clientele that includes the DoD, DHS, Federal Civilian Agencies, and the Intelligence Community, our impact on national security is undeniable. We are a diverse group of intellectually curious people, solving hard problems, and living by our core values while bonded by the shared vision to secure our nation - join us.

The Opportunity

The scope of this effort is to provide support to the Naval Higher Education Information Technology Consortium (NHEITC) Cybersecurity Operations Center (CSOC), located in Monterey, CA, in the areas of Computer Network Defense, Incident Response, Management, Forensics, Vulnerability Analysis, Risk Management Training, Framework, Cybersecurity Incident Handling and Management, Zero Trust Architecture Defense, Security Engineering, Cyber Threat Intelligence Services, Continuity of Operations for CSOC Services, Academic Program Support, Research Program Support and Contractor Training Requirements.

As the Incident Handler Principal (IH-P) Subject Matter Expert (SME), you need to be well versed in the design, deployment, implementation, and maintenance of Zero Trust Architecture (ZTA), informing security events, assessments, and security design consultation, with a focus on Identity Access Management (IAM) in support of ZTA.

Key Responsibilities

- Design, operate, maintain, and expand network, workstation, and server logging functions in support of incident management, including development and growth of centralized log collection and analysis databases (Splunk).
- Perform analysis of log files from a variety of sources within the enclave, including individual host logs, network traffic logs, firewall logs, and intrusion detection system logs; characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

In accordance with industry standards (NIST 800-61r2, ITIL):

- Receive and analyze network alerts from various sources and determine possible causes, with validation in coordination with ITACS staff.
- Perform incident handling triage, including determining scope, urgency, and potential impact.
- Investigate network intrusion events, with the flexibility of calling in additional on-site personnel if necessary.
- Perform event correlation using information gathered from a variety of sources to gain situational awareness and determine an observed attack's effectiveness.
- Track and document CSSP incidents from initial detection through final resolution.
- Construct rules or signatures which can be implemented on Cybersecurity tools in response to new or observed threats.
- Develop automation and orchestration to accelerate and increase the precision of incident handler operations.
- Notify leadership, Cybersecurity managers, Cybersecurity incident responders, and other Cybersecurity team members of suspected Cybersecurity incidents, and articulate the event's history, status, and potential impact for further action.
- Identify the specific vulnerability and make recommendations for expeditious remediation; correlate incident data and perform CSSP trend analysis and reporting; and coordinate with intelligence analysts to correlate threat assessment data.

The IH-P is the most senior incident handler and is viewed as a source of guidance for Incident Handlers 1 and 2. You will:

- Guide IHT1 and IHT2 personnel through problematic events/incidents, ensuring robust incident handling. Where meaningful, you will determine the root cause of ineffective action and remediate or direct change.
- Review SOPs and create updates for CSOC manager approval.
- Evaluate incident handler accesses for sufficiency to support full-spectrum defensive operations and brief changes for CSOC manager, ISSM, and CISO approval.
- Evaluate, recommend, and queue IHT1/IHT2 tool/software improvements requiring engineering support.
- Handle other tasks that an IH-P's level of experience and talent can complete.

Experience Required

Possess technical mastery over the required Knowledge, Skills, and Abilities (KSA):

- Knowledge of an organization's information classification program and procedures for information compromise.
- Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
- Knowledge of cloud service models and how those models can limit incident response.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- Knowledge of cyber defense and information security policies, procedures, and regulations.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of data backup and recovery.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).

Required Qualifications/Certifications

- Education: Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field.
- Experience: A minimum of seven (7) years of professional experience in incident detection and response, malware analysis, or cyber forensics.
- Clearance: A current TS clearance with SCI eligibility.

A Place Where You Belong

At the heart of our organization lies a set of five core values that guide every facet of our work. "Mission First" epitomizes our unwavering commitment to our goals. "People Always" underscores the significance we place on our team's well-being and development. We continually strive to "Be Eminent" by consistently pushing the boundaries of excellence. "Embrace the Team" reflects our unwavering belief in the power of collaboration, recognizing that together, we attain greatness. With every action, we "Act with a Purpose," ensuring that our efforts contribute meaningfully to a larger mission. These values serve as the bedrock of our company culture, propelling us forward as a united and purpose-driven team.

Why Join Us

Join us not just to be a part of safeguarding our nation, but to be at the forefront of innovation, where your ideas and expertise play a pivotal role in shaping the future of cybersecurity and IT. Together, we're not just protecting systems; we're pioneering them. Come be a part of our team and redefine the possibilities in our industry.

EEO Commitment

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status or on the basis of disability. Equal Opportunity Employer/Veterans/Disabled
Date Posted: 20 April 2024