Cyber Defense Analysts - Mid

ECS is seeking a Cyber Defense Incident Responder – Mid to work in our Washington, DC office.

• Coordinate incident response functions.

• Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.

• Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.

• Perform cyber defense trend analysis and reporting.

• Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.

• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).

• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

• Track and document cyber defense incidents from initial detection through final resolution.

• Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).

Salary Range: $89,000 - $116,000

General Description of Benefits

• Strong written and verbal communication skills.

• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

• Knowledge of system administration, network, and operating system hardening techniques.

• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.

• Demonstrated ability to interact effectively with senior management and leadership.

• Ability to design incident response for cloud service models.

• Knowledge of incident categories, incident responses, and timelines for responses.

• Knowledge of incident response and handling methodologies.

• Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

• Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list)

• Bachelor's degree or higher

• 5 years' experience in Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling

• Must have, or be able to obtain within 3 months, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).

• Active Secret clearance