Contact Us | Falcon IT & Staffing Solutions

Senior Cyber Incident Manager

Job Title: Senior Cyber Incident Manager
Job ID: 27490069
Location: Arlington, VA
Other Location:
Description

Agency/Project: DoD

Location: Arlington, VA

Salary Range: $85000 - $95000

Clearance Required: TS/SCI

 

 

Is Overtime Required: Yes

Weekend Work Required? Yes

On Call? Potential

Travel Required? Potential

Access to Personal Data? Potential

 

 

Work Hours: SHIFT 2 - 2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12-hour weekend shifts

Start Date: ASAP

 

Task Description:

Responsibilities:

- Correlating incident data to identify specific trends in reported incidents
- Recommending defense in depth principles and practices (i.e. Defense in Multiple Places, layered defenses, security robustness, etc.)
- Performing Computer Network Defense incident triage to include determining scope, urgency, and potential impact
- Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents
- Applying knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats
- Applying cybersecurity concepts to the detection and defense of intrusions into small and large-scale IT networks
- Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat conditions
- Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident
- Receiving and analyzing network alerts from various sources within the enterprise and determining possible causes
- Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution
- Providing support during assigned shifts (2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12-hour weekend shifts)

 

Required skills/Level of Experience:

- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 5+ years of directly relevant experience in cyber incident management or cybersecurity operations
- Knowledge of incident response and handling methodologies
- Close familiarity with NIST 800-62 (latest revision) and FISMA standards as they pertain to reporting incidents
- Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incidents
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Knowledge of basic system administration and operating system hardening techniques
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)

PLEASE NOTE:

Required Education: BS Incident Management, Operations Management, Cybersecurity or related degree. Two years of related work experience may be substituted for each year of degree level education.

 

Certifications: GCIH, GCFA, GISP, GCED, CCFP or CISSP

 

Security clearance: United States Citizen and Residency Requirement Plus Active Top Secret/SCI

 

 
