Incident Manager

Responsibilities:

• Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise

• Applying knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats

• Applying cybersecurity concepts to the detection and defense of intrusions into small, and large-scale IT networks, and conduct cursory analysis of log data

• Conducting cursory analysis of log data

• Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams CERTs , SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise

• Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident

• Receiving and analyzing network alerts from various sources within the enterprise and determine possible causes of such alerts

• Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution

• Working with other components within the organization to obtain and coordinate information pertaining to ongoing incidents.

• Providing support during assigned shifts (M-F Day shift ) Required Skills:

• U.S. Citizenship

• Must have an active TS/SCI clearance

• Must be able to obtain DHS Suitability

• 2+ years of directly relevant experience in cyber incident management or cybersecurity operations

• Knowledge of incident response and handling methodologies

• Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incident

• Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)

• Skill in recognizing and categorizing types of vulnerabilities and associated attacks

• Knowledge of basic system administration and operating system hardening techniques

• Knowledge of Computer Network Defense policies, procedures, and regulations

• Knowledge of different operational threat environments (e.g., first generation script kiddies , second generation non nation-state sponsored , and third generation nation-state sponsored )

• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)

• Must be able to work collaboratively across physical locations Desired Skills:

• Knowledge of basic system administration and operating system hardening techniques

• Knowledge of Computer Network Defense policies, procedures, and regulations

• Knowledge of different operational threat environments (e.g., first generation script kiddies , second generation non nation-state sponsored , and third generation nation-state sponsored )

• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code) Required Education:
BS Incident Management, Operations Management, Cybersecurity or related degree. HS Diploma with 4-6 years of incident management or cyber security experience.