Incident Response Expert III

Responsibilities: - Serves as hunt and incident response subject matter expert (SME), applying in-depth knowledge of threat actor (TA) tools, techniques, and procedures (TTPs)

- Distills analytic findings into executive summaries and in-depth technical report

- Provide expert support, analysis, and research with only broad direction into exceptionally complex problems and processes relating to the subject matter as it relates to hunt and incident response activities

- Serves as technical expert on high-level incident response teams providing technical direction, interpretation, and alternatives

- Exercises considerable latitude in determining technical objectives of an assignment or task at hand

- Independently develops technical solutions to complex problems that require the regular use of ingenuity and creativity

- Analyzes incident data and victim environments to recommend targeted mitigations

- Advise technical personnel on countermeasure implementation and customization

- Supports internal stakeholders on containment and eradication missions

- Documents analysis in a standardized knowledgebase for sharing and publication

- Assists in maintaining branch process and procedure documentation

- Guides to the completion of hunt and incident response activities

Required Skills:

- U.S. Citizenship

- Must have an active TS/SCI clearance

- Must be able to obtain DHS Suitability

- 5+ years of directly relevant experience in expertise

- Must be able to travel domestically on short notice

- Strong understanding of network architecture/security

- Experience performing cyber incident response

- Ability to think independently

- Demonstrates superior written and oral communication skills

- Must be able to work collaboratively across physical locations

- Skilled in identifying different classes of attacks and attack stages

- Understanding of system and application security threats and vulnerabilities

- Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources

- Proficiency with common operating systems (e.g. Linux/Unix, Windows)

Desired Skills:

- Experience leading and mentoring technical teams

- Knowledge of Computer Network Defense policies, procedures and regulations

- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored])

- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)

- Network and System administration experience

- Strong understanding of adversarial tactics/techniques/procedures (TTPs)

- Experience with Identity and Access Management (IAM) tools

- Ability to review and analyze Enterprise Architecture (EA) from a security perspective

- Understanding of cyber defense-in-depth principles

- Hands-on skill in host/network intrusion detection

- Ability to perform event correlation

- Experience with malicious activity analysis

- Ability to collaborate with stakeholders at multiple levels within an organization

Required Education:

BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 7+ years of technical experience in expertise.

Desired Certifications: One or more - DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst - DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder - DoD 8140.01 CEH, CSSP Analyst - SANS GIAC GNFA preferred - SANS GRID, GICSP, or GCIP a plus