Incident Response Analyst (CSSP Incident Responder) - Doral

Listing expired

Job details

Job area: General Services / Miscellaneous

Posted: 3 years ago
Job location: Florida - United States
Remote work: No
Description

Clearance Level Must Be Able to Obtain: Top Secret/SCI
Suitability: No Suitability Required
Public Trust/Other Required:
Job Family: Systems Analysis

Job Description:

Primary Responsibilities

The Incident Response Analyst (CSSP Incident Responder) validates suspicious events or reports and determines whether the event constitutes an incident, identifies the scope of the attacks, isolates the responsible agents, and implements detection capabilities and countermeasures. Perform network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents. Explore patterns in network and system activity via log correlation using security tools. Manage and perform forensics and report analysis per identified reporting procedures. Configure, manage, and utilize a variety of CND tools.

Must have strong knowledge in identifying attack patterns concerning Advanced Persistent Threats (APTs) and their Tactics, Techniques, and Procedures (TTPs) to develop Indicators of Compromise (IOCs) that can be applied to current and future investigations. Computer Network Defense Incident Responders must possess a thorough understanding of the Six Steps of Incident Response, the MITRE ATT&CK framework and the Cyber Kill Chain model, and of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols.

Computer Network Defense Incident Responders need strong oral and written communication, analytical, and problem-solving skills, as well as excellent judgment and self-motivation. This position requires the ability to multitask and work well under pressure. It is important that Computer Network Defense Incident Responders keep abreast of industry security trends and developments, as well as applicable Government regulations.

Required Certifications:
- 8570 Compliance (CSSP Incident Responder): https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

Desired Certifications/Experience:
- CCNA or MCSA
- CySA+, GCIA, or GCIH or CISSP
- QRadar
- Cisco Sourcefire (IDS)
- Cisco ASA Firewalls
- TippingPoint (IPS)
- Joint Regional Security Stack (JRSS)
- ArcSight
- Blue Coat Web Proxy
- Windows Event Logs
- PowerShell
- PCAP analysis

Education Requirements: Higher Education Degree in Cyber Security, Computer Network Defense, or related field; or commensurate level of experience based on position level (Associate, Journeyman, Senior, etc.)

Clearance: Interim Top Secret with SCI eligibility

Shift Work: Yes; CSSP Incident Responders provide 24x7 support for the Cyber Security Service Providers (CSSP) capability during non-core business hours consistent with CSSP requirements as needed.

Travel: Less than 10%

#SCITES #SCITESGDITReferrals

Know someone that would be a good fit for this role? GDIT is offering $10,000 external referral bonuses for referrals hired by December 31, 2020. You do not need to be a GDIT employee to be eligible. Email your referral's resume to scitesreferrals@gdit.com. We are offering referral bonuses for several open positions; view all qualified open positions. View terms & conditions for eligibility requirements.

About the advertiser
General Dynamics | Neuvoo
United States