What are the responsibilities and job description for the Cyber Defense Incident Responder SME position at ECS Federal, LLC?
ECS is seeking a Cyber Defense Incident Responder (SME) to work in our Huntsville, AL office. Please note: This position is contingent upon contract award.
ECS is seeking a qualified Cyber Defense Incident Responder (SME) to support cybersecurity operations for the Federal Bureau of Investigation. You will provide leadership and cyber SME support for the Digital Forensics and Incident Response (DFIR) Team, playing a crucial role in the FBI's cybersecurity defense strategy.
The DFIR team is responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation. The team will meticulously gather and analyze extensive datasets to bridge informational gaps associated with cyber-attacks. This involves identifying perpetrators, understanding their intrusion methods, and carefully documenting the precise sequence of actions that compromised system integrity.
Responsibilities
- Assist in analyzing alerts, identifying true positives, and prioritizing incidents based on severity and impact.
- Conduct forensic analysis on systems and networks to determine the scope and impact of security incidents.
- Work with the watch floor to develop and refine incident response plans.
- Analyze threat intelligence feeds, indicators of compromise (IOCs), and TTPs (Tactics, Techniques, and Procedures) to identify and respond to emerging threats.
- Conduct thorough post-incident analysis to identify root causes and vulnerabilities.
- Conduct regular joint training exercises and tabletop simulations to help strengthen coordination.
- Participate in red teaming exercises to simulate real-world attacks and identify areas for improvement.
- Possess deep expertise in a variety of operating systems, including advanced knowledge of Windows, Linux, and macOS, enabling effective analysis and response across diverse technical environments.
- Exhibit a profound understanding of intricate network protocols and technologies, facilitating strategic assessments of complex network incidents and vulnerabilities.
- Be highly skilled in advanced malware analysis techniques, capable of devising and executing targeted threat mitigation strategies tailored to specific organizational needs.
- Possess specialized knowledge in forensic imaging and data recovery techniques, employing innovative methodologies to effectively preserve and analyze digital evidence.
- Possess comprehensive knowledge of advanced persistent threats (APTs), including strategic foresight regarding their tactics, techniques, and procedures (TTPs) and corresponding countermeasures.
- Demonstrate advanced proficiency in a range of digital forensics tools, such as EnCase and FTK, while evaluating and implementing emerging technologies to enhance investigative capabilities.
- Mentor and develop junior staff, enhancing the overall capabilities of the DFIR team and promoting a culture of continuous improvement and excellence.
- Must have a current Top Secret clearance with the capability of obtaining SCI / CI-Poly if needed to meet contract requirements.
- Expert experience with Splunk Enterprise Security.
- Must currently live within commuting distance to Huntsville, AL or be willing to relocate.
- Ability to work independently and as part of a team.