Careers - Metronome

BE A SPARK IN OUR INDUSTRY
JOIN THE METRONOME FAMILY


Every individual has unique passions, career goals, and personal values. We are here to make the connection between those and the needs of our customers. When the stars align, we welcome our new employees - or Pulsers as we like to call them - to the family. We offer competitive benefits to ensure that our Pulsers are well taken care of for whatever comes their way.


Incident Response Analyst III

Job Title: Incident Response Analyst III
Requirement ID: 27240914
Location: Washington, DC
Other Location:
Description

The Incident Response Analyst candidate will work on a team supporting a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff. 

Duties Include:

  • Lead, support, coordinate, and act as the initial point of contact for security operations floor activities.
  • Develop, maintain, tune, and monitor cyber security content for detection and prevention capabilities.
  • Support investigating computer and information security incidents to determine extent of compromise to information and automated information systems, providing network forensic and intrusion detection support to high technology investigations in the form of researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
  • Lead and mentor other SOC Support Staff and communicate with executive leadership regarding matters of significant importance to the Customer SOC Support Services Program.
  • Work with the Incident Response team to conduct forensics on potential malware and confirm as a threat or false positive. 
    • If malware is confirmed, work with the Incident Response and Email teams to conduct sweeps across the federated Customer organization to eliminate the threat and update policy enforcement points 
  • Work with the Splunk team to implement, enhance, or change existing use cases 
  • Pivot on the forensic data, working with the Cyber Threat Intelligence team to determine whether the malware is part of a larger campaign and how the Customer is being targeted, and take any further remediation required
  • Monitor and conduct investigations for SIEM network alerts for potential cyber intrusions 
  • Contribute to Incident Response investigations working with the Incident Response team 
  • Potentially travel to other Customer locations (1-3 times/year) to support Incident Response investigations 
Required Skills

• Masters in a relevant field with 10+ years of experience.

• Expertise in monitoring and detection, and incident response to support detection, containment, and eradication of malicious activities targeting customer networks.

• Must Have One or More of the Following Certifications:
SANS GIAC: GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
ISC2: CCFP, CCSP, CISSP
CERT: CSIH
EC Council: CHFI, LPT, ECSA
Offensive Security: OSCP, OSCE, OSWP and OSEE
EnCase: EnCE
Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW

Clearance:
Active US Government Security Clearance Required.
Openings: 1



An Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Metronome is committed to providing reasonable accommodations to employees and applicants for employment, to assure that individuals with disabilities enjoy full access to equal employment opportunity (EEO). Metronome shall provide reasonable accommodations for the known physical or mental limitations of qualified employees and applicants with disabilities, unless Metronome can demonstrate that a particular accommodation would impose an undue hardship on business operations. Applicants requesting a reasonable accommodation may make a request by contacting us.