Cybersecurity Incident Responder

Fort Belvoir, Virginia

Electrosoft
Apply for this Job

Electrosoft Services, Inc. is an award-winning company that provides comprehensive technology-based solutions and services to federal customers. While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions. We always seek to delight our customers, so we retain highly qualified employees and offer them meaningful work, growth opportunities, and work-life balance. What sets us apart from all other contractors is the sense of teamwork our employees feel - and the knowledge that outstanding effort is recognized and rewarded. The camaraderie we share emanates from Lunch & Learn sessions where we explore new ideas together, fun group activities ranging from escape rooms to miniature golf, and much, much more. If we've described you and your dream workplace, please apply and share in the many benefits and opportunities we offer.

Cybersecurity Incident Responder

Responsibilities and Duties:

  • Proactive Threat Monitoring and Incident Detection: Continuously monitor network traffic, system logs, and security alerts to identify potential threats and anomalies. This will involve utilizing a variety of security information and event management (SIEM) tools, intrusion detection systems (IDS), and other security monitoring technologies.
  • Analyze security events to determine the scope, impact, and root cause of security incidents. This will require in-depth knowledge of network protocols, operating systems, and common attack vectors.
  • Develop and refine detection rules and signatures to improve the efficiency and effectiveness of threat detection systems. This will involve staying abreast of the latest threat intelligence and attack techniques.
  • Incident Response and Remediation: Lead and participate in incident response activities, coordinating with cross-functional teams to contain and eradicate security threats. This will include isolating affected systems, collecting forensic evidence, and implementing remediation measures.
  • Develop and maintain comprehensive incident response plans and procedures, ensuring they are up-to-date and aligned with industry best practices. This will involve conducting regular tabletop exercises and simulations to test and improve incident response capabilities.
  • Conduct post-incident analysis to identify vulnerabilities and improve security controls. This will include documenting lessons learned, recommending security enhancements, and contributing to the development of knowledge base articles and training materials.
  • Cybersecurity Awareness and Collaboration: Collaborate with clients and project teams to enhance their cybersecurity awareness and understanding of security risks. This will involve conducting security awareness training, developing educational materials, and providing guidance on security best practices.
  • Work closely with security engineers and architects to implement and maintain security controls and solutions. This will include participating in security assessments, vulnerability scans, and penetration testing activities.
  • Contribute to the development and improvement of security monitoring and incident response processes and tools. This will involve staying abreast of the latest security technologies and trends and recommending improvements to existing security infrastructure.

Specific Tasks include:

  • Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.

Skills/Experience/Certifications:

  • 5 years of relevant experience
  • 2 years performing root cause analysis of cybersecurity events and incidents
  • Associate's degree or higher in IT or similar area.
  • Working knowledge of at least 2 of the following types of security tools: firewall, IDS/IPS, host-based antivirus, data loss prevention, vulnerability management, forensics, malware analysis, device hardening
  • Understanding of Defense-in-Depth
  • Ability to build scripts and tools to enhance threat detection and incident response capabilities (preferably in SPL (Splunk Search Processing Language), Python, or PowerShell)
  • Top Secret Security Clearance
  • Relevant certification from a nationally recognized technical authority meeting the DoD 8570.01-M IAT Level II baseline.
  • Must possess and maintain a DoD 8570.01-M CNDSP/CSSP Incident Responder (CSSP-IR) certification.

Date Posted: 02 May 2025