BE A SPARK IN OUR INDUSTRY
JOIN THE METRONOME FAMILY
Every individual has unique passions, career goals, and personal values. We are here to make the connection between those and the needs of our customers. When the stars align, we welcome our new employees - or Pulsers as we like to call them - to the family. We offer competitive benefits to ensure that our Pulsers are well taken care of for whatever comes their way.
Incident Response Analyst III
- Job Title: Incident Response Analyst III
- Requirement ID:
- Location: Washington, DC
- Other Location:
The Incident Response Analyst candidate will work on a team supporting a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
- Lead, support, and coordinate security operations floor activities, and act as the initial point of contact for them.
- Develop, maintain, tune, and monitor cyber security content for detection and prevention capabilities.
- Support investigations of computer and information security incidents to determine the extent of compromise to information and automated information systems. Provide network forensic and intrusion detection support to high-technology investigations by researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
- Lead and mentor other SOC Support Staff, and communicate with executive leadership regarding matters of significant importance to the Customer SOC Support Services Program.
- Work with the Incident Response team to conduct forensics on potential malware and confirm as a threat or false positive.
- If malware is confirmed, work with the Incident Response and Email teams to conduct sweeps across the federated Customer organization to eliminate the threat and update policy enforcement points.
- Work with the Splunk team to implement, enhance, or change existing use cases.
- Pivot on the forensic data with the Cyber Threat Intelligence team to determine whether the malware is part of a larger campaign and how the Customer is being targeted, and take any further remediation required.
- Monitor and investigate SIEM network alerts for potential cyber intrusions.
- Contribute to Incident Response investigations, working with the Incident Response team.
- Potentially travel to other Customer locations (1-3 times/year) to support Incident Response investigations.
Required Skills
• Master's degree in a relevant field with 10+ years of experience.
• Expertise in monitoring and detection, and incident response to support detection, containment, and eradication of malicious activities targeting customer networks.
• Must Have One or More of the Following Certifications:
SANS GIAC: GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
ISC2: CCFP, CCSP, CISSP; CERT: CSIH
EC Council: CHFI, LPT, ECSA
Offensive Security: OSCP, OSCE, OSWP and OSEE
Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW
Active US Government Security Clearance Required.