Cyber Security
Solutions Technology Inc. supports a U.S. Government customer by providing onsite incident response to civilian Government agencies and critical asset owners that experience cyber-attacks, including immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with restoring services.
Responsibilities:
– Providing support to plan, coordinate, and implement the lab’s information security
– Providing support for facilitating and helping the lab identify its current security infrastructure and defining future programs, design, and implementation of security related to lab systems
– Assisting the efforts of security staff to design, develop, engineer, and implement solutions to security requirements
– Responsible for implementing and developing the DHS IT security
– Gathering and organizing technical information about the lab’s mission goals and needs, existing security products, and ongoing programs
– Performing risk analyses, which also includes risk assessment
– Possessing and applying expertise on multiple complex work assignments that are broad, requiring originality and innovation in determining how to accomplish tasks
– Applying comprehensive knowledge across critical tasks and high-impact assignments
– Planning and leading major technology assignments
– Evaluating performance results and recommending significant changes affecting short-term project growth and success
– Functioning as a technical expert across multiple project assignments
Information Security Manager III – 7+ years of experience
Information Security Manager II – 4-6 years of experience
Required Skills:
– U.S. Citizenship
– Must have a current TS/SCI clearance
– Must be able to obtain DHS Suitability
– Directly relevant experience in information security
– Knowledge of Computer Network Defense (CND) policies, procedures, and regulations
– Knowledge of defense-in-depth principles and network security architecture
– Knowledge of boundary protection and enclaving
– Knowledge of authentication and access management technologies
– Knowledge of several of the following areas is required: understanding of business security practices and procedures; currently available security tools; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and recent lab infrastructure technology
– Ability to serve as an Information System Security Officer (ISSO)
– Must be able to work collaboratively across physical locations
Desired Skills:
– DHS experience
– Cybersecurity skills, including threat hunting
– Advanced knowledge of the RMF framework
– Experience working with ATOs
Required Education:
BS Information Management, Cybersecurity, Computer Science, or related degree; or HS Diploma and information security experience.
Desired Certifications:
CISSO, CISM, CISSP
The DHS Hunt and Incident Response Team (HIRT) secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactively hunts for malicious cyber activity. HIRT performs investigations to develop a preliminary diagnosis of the severity of breaches, and provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.
Responsibilities:
– Assisting Federal leads with overseeing and leading forensic teams at onsite engagements by coordinating evidence collection operations
– Providing technical assistance on digital evidence matters and forensic investigative techniques to appropriate personnel when necessary
– Writing in-depth reports, supporting with peer reviews, and providing quality assurance reviews for junior personnel
– Supporting forensic analysis and mentoring/guiding others on data collection, analysis, and reporting in support of onsite engagements
– Assisting with leading and coordinating forensic teams in preliminary investigation
– Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence
– Distilling analytic findings into executive summaries and in-depth technical reports
– Serving as technical forensics liaison to stakeholders and explaining investigation details, including forensic methodologies and protocols
– Tracking and documenting on-site incident response activities and providing updates to leadership throughout the engagement
– Evaluating, extracting, and analyzing suspected malicious code
Host-Based Systems Analyst IV – 10+ years of network investigations experience
Required Skills:
– U.S. Citizenship
– Must have an active TS/SCI clearance
– Must be able to obtain DHS Suitability
– Directly relevant experience in cyber forensic investigations using leading-edge technologies and industry-standard forensic tools
– Ability to create forensically sound duplicates of evidence (forensic images)
– Able to write cyber investigative reports documenting digital forensics findings
– Experience with the analysis and characterization of cyber-attacks
– Experience with proper evidence handling procedures and chain of custody protocols
– Skilled in identifying different classes of attacks and attack stages
– Knowledge of system and application security threats and vulnerabilities
– Knowledgeable in proactive analysis of systems and networks, including creating trust levels of critical resources
– Must be able to work collaboratively across physical locations
Desired Skills:
– Experience with or knowledge of two or more of the following tools:
  – EnCase
  – FTK
  – SIFT
  – X-Ways
  – Volatility
  – Wireshark
  – Sleuth Kit/Autopsy
  – Splunk
  – Snort
  – Other EDR tools (CrowdStrike, Carbon Black, etc.)
– Proficiency with conducting all-source research
Required Education:
BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and host or digital forensics experience
Desired Certifications:
GCFA, GCFE, EnCE, CCE, CFCE, CISSP
Job Description:
The position of Incident Manager is vital to the smooth and reliable functioning of operations. As the Incident Manager, you will coordinate and lead the response to critical incidents that may affect government agencies and asset owners targeted by cyber-attacks. Your primary duties include conducting immediate investigations to evaluate the extent of the breach, devising plans to mitigate the issue, and providing assistance in recovering services. Your ultimate objective is to resolve the problem as quickly as possible, minimize any disruption, and prevent similar incidents from happening in the future. Your role is of utmost importance in ensuring the security of the organization’s assets and maintaining its reputation.
Responsibilities:
- Researching and compiling known steps to mitigate potential Computer Network Defense incidents within the enterprise.
- Identifying and validating threats by applying knowledge of various threat actors’ tactics, techniques, and procedures, including criminal, insider, hacktivist, and nation-state.
- Conducting cursory log data analysis and using cybersecurity concepts to detect and defend against intrusions into small and large-scale IT networks.
- Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise
- Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident
- Receiving and analyzing network alerts from various sources within the enterprise and determining possible causes of such alerts
- Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution
- Working with other components within the organization to obtain and coordinate information on ongoing incidents
Incident Manager III – 7+ years of experience
Incident Manager II – 4-6 years of experience
Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance and be able to obtain DHS Suitability
- Directly relevant experience in cyber incident management or cybersecurity operations
- Knowledge of incident response and handling methodologies
- Knowledge of the NCCIC National Cyber Incident Scoring System
- Understanding of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks)
Required Education:
BS Incident Management, Operations Management, Cybersecurity, or related degree; or HS Diploma with incident management or cybersecurity experience.
As a Network-Based Systems Analyst, you will provide advanced technical assistance remotely and on-site. You will also be responsible for proactive threat hunting and rapid incident response, utilizing host-based, network-based, and cloud-based cybersecurity analysis capabilities.
Our dynamic team specializes in digital forensics and incident response, proactively focusing on identifying malicious cyber activities. We seek Cyber Network Defense Analysts (CNDA) to contribute to this vital mission. As a CNDA, your primary responsibilities will involve vigilant monitoring of network activity and the comprehensive analysis of data from various sources to detect anomalies or suspicious behavior. Your core duty is to swiftly identify and report events that could compromise the security of information, information systems, and networks, thus safeguarding them from potential threats.
Network-Based Systems Analyst IV – 10+ years of experience
Network-Based Systems Analyst III – 7-9 years of experience
Network-Based Systems Analyst II – 4+ years of experience
Required Skills:
– U.S. Citizenship
– Active TS/SCI clearance
– Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
– Directly relevant experience in cyber defense analysis using leading-edge technologies and industry-standard cyber defense tools
– Experience successfully developing and deploying signatures
– Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
– Experience implementing incident handling methodologies
– Experience implementing protocol analyzers
– Experience collecting data from a variety of cyber defense resources
– Experience reading and interpreting signatures (e.g., Snort)
– Experience performing packet-level analysis
– Experience conducting trend analysis
Required Education:
BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma and network investigations experience.
Desired Certifications:
One or more of the following professional certifications or training programs: GNFA, GCIH, GCIA, GSEC (SANS 401), CASP+, CySA+, PaLMS, FedVTE, ArcSight (or other SIEM solution), Network+, Security+
Responsible for collaborating with Incident Management teams to create and assess technical communications, such as cybersecurity documentation, operational procedures, plans, action reports, and meeting minutes. Responsibilities include:
- Creating, reviewing, editing, and keeping up to date technical documents for programs, including standard operating procedures, work instructions, CONOPS, and internal team messages
- Keeping track of team engagement reports by creating and organizing statistical diagrams and charts
Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 5+ years of technical writing experience, including developing cybersecurity communications deliverables such as documentation, plans, action reports, and meeting minutes for internal and external audiences
- Experience with creating and maintaining government records associated with cybersecurity activities, documentation, and SOPs
- Ability to work with technical cyber analysts to evaluate material and break it down into a concise, compelling narrative that engages the reader
- Ability to work under pressure with engagement leads, technical analysts, and subject matter experts in a fast-paced cybersecurity environment to ensure timely product release