Cyber Security Incident Response Analyst

Date Posted: 
Friday, May 25, 2018 to Friday, June 15, 2018
Job Type: 
Full Time
Job Location: 
Rockville, MD

 

Position Description:

ASSYST's county government customer expanding their Information Security Incident Response program. Our Information Assurance and Cyber Security Practice (http://assyst.net/services/information-assurance) is seeking a qualified Cyber Security Incident Response Analyst to support this customer requirement. ASSYST is currently managing Cyber initiatives for various customers including Federal, State and Local governments. Our end to end services cover architecture, design, policy, monitoring, detection, remediation, compliance, awareness and training.

 

Chosen individual will be working in a high impact mission-critical network security environment providing technical expertise, and leadership to cyber security investigations. Analyst will work as a member of the Enterprise Information Security Office (EISO) Cyber Security Incident Response Team whose mission it is to provide rapid, accurate, and effective identification containment, and remediation of cyber intrusions into the County’s network.

 

Roles and Responsibilities:

  • Participate in an operation that monitors for and responds to security events on County's networks, including working with external entities, where necessary.
  • Systematically and promptly respond to information security incidents, including internal and external events and targeted threats.
  • Develop internal tools used to respond to incidents (e.g., diagnostic and forensic toolkits) or recommend the purchase of specific tools to support County’s unique environment
  • Identify and execute on projects that improve our incident detection and response capabilities
  • Contractor will prepare recommendations, including language where appropriate, for updates to or creation of incident response procedures.
  • Act as the primary point person for written/verbal communications associated with the Incident Response Life Cycle at all levels. 

 

Qualifications:

  • Bachelor's Degree in Computer Science, Engineering or Management 
  • One or more certifications in information security such as CISSP will be advantageous.
  • Minimum three years of experience as a Subject Matter Expertise (SME) Cyber Security domain, defined as having academic knowledge combined with practical experience.
  • Must have verifiable experience as being agile, willing to learn, ability to teach others and capable of thinking outside the box in order to operate effectively in an ever changing threat landscape.
  • Network Fundamentals – Minimum of three (3) years of experience in the basic concepts of computer networking from an enterprise information security perspective. 
  • Log File Analysis – experience in utilizing log files from a variety of sources to include host logs, network traffic logs, firewall logs, and/or intrusion prevention logs as part of the Incident Response life cycle. 
  • Incident Detection/Response Tools – experience in working as part of a teams in the use of Incident Detection/Response Tools such as Splunk, SNORT IDS, Alien Vault SIEM, Kali Linux, Nmap, and/or Wireshark. 
  • Advanced Threat – experience in demonstrating understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats.
  • Incident Response Life Cycle Execution – experience executing the full Incident Response life cycle
  • Incident Response Workflow/Processes – experienced in utilizing and adhering to defined workflow and processes driving the Incident Response identification/mitigation/remediation efforts within a Security Operation Center.
  • Technical Analysis Participation – experienced in participating in the identification of impacted systems to determine impact, scope, and priority determination.
  • Documentation/Artifacts Collection – experienced in collecting supporting information and/or relevant artifacts from Incident Response Team members regarding Incident Response activities.
  • Cyber Threat Documentation – experienced in documenting cyber threat analysis results and subsequent remediation/recovery in an effective and consistent manner. 
  • Incident Response Escalation/Hand off - experienced in escalating and appropriately handing off to team members and leadership based on defined threat and priority determination.

 

We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance. 

 

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

Contact
Shafeeq Rahman