Cyber Defense Incident Responder Jobs

Demonstrated ability to interact effectively with senior management and leadership.

Strong written and verbal communication skills.

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

Knowledge of system administration, network, and operating system hardening techniques.

Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

Knowledge of incident categories, incident responses, and timelines for responses.

Experience triaging security vulnerabilities and driving product and/or service response.

Experience in dealing with big data problems and excellent skills in data analytics with a focus on security Excellent interpersonal skills.

Lead and coordinate the response and recovery activities from information security incidents, and manage function-related business processes

Build relationships with key stakeholders across the division that can improve our security practices and response capabilities.

Manage activities across all issues throughout the incident lifecycle.

Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products.

Experience using BMC Remedy or ServiceNow service management/ticketing system is desirable.

Provides knowledge and expertise in tools, techniques, countermeasures, and trends in computer and network vulnerabilities and threats.

Network Packet capture (PCAP), report writing, remote forensics, Splunk UBA and Splunk SOAR experiences are nice to have.

BS or equivalent + 5 years related experience, or MS + 3 years related experience.

Hands-on experience with Splunk Enterprise Security performing searches and reviewing log sources.

Must have recent hands-on experience with incident response life cycles including analysis, containment, eradication, recovery, and post incident activities.

Required Education and Experience Requirements:

Continuously monitor security event systems by utilizing the Enterprise Security Operation Center’s security information and event management (SIEM) tool.

Communicate and escalate issues and alerts as required by process or management.

Additional responsibilities including the support of various Enterprise Security Operations Center activities.

Must possess the following certification: Security+ certification or equivalent.

Working knowledge of security architectures and devices.

8+ years of directly relevant experience

Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations

Assist the customer training department in the education of staff on the cyber threat

Experience in computer intrusion analysis and incident response

Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures

Experience in computer evidence seizure, computer forensic analysis, and data recovery

$29.00 - $33.50 / Hourly Rate ** Experience Level Dependent **

"A la Carte" Style Benefits (Each Benefit Sold Separately)

4 Years of Experience of Cyber Policy, Operations, Guidance, or Similar..

Estimated 6 Month Contract Period

No "Paid Time Off" (Unpaid - Leave Only)

Starting Salary: $72,000 - $79,000

Coordinate and direct cyber security resources in incident detection, management, and response efforts

Minimum 3 years of professional experience in IT

Practical experience in host forensics and network analysis techniques and tools

Practical experience with malware and reverse engineering

Practical experience responding to threats in cloud platforms (AWS, Azure, Google, etc.)

Practical experience writing behavioral and static detections

Must possess project management skills to monitor tasks and provide deliverables.

Must demonstrate strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences.

Must possess communication skills to quickly understand program details, to work side-by-side with project managers, data experts, and analysts/programmers.

Must have experience configuring Security Orchestration, Automation, and Response tools, scripts, events, and playbooks.

Experience in SOAR, built playbook creation and SOAR tool administration.

Experience supporting security operation centers SOC.

Bachelor’s degree in a technology field preferred, or relevant experience and/or industry certification

3-6 years’ experience working in incident response and/or other IT related fields tied to networking and enterprise information system environments.

Knowledge of network protocols, enterprise architecture, cloud architecture, and common network logging functions.

In-depth experience with log analysis, malware analysis, forensic analysis.

Hands on experience with security tools, such as, Crowdstrike, Chronicle, Splunk, network forensic and packet capture tools.

Preferred experience with basic penetration testing or offensive security techniques.

Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations

Assist the customer training department in the education of staff on the cyber threat

Hands-on experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks

Experience in computer intrusion analysis and incident response

Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures

Experience in computer evidence seizure, computer forensic analysis, and data recovery

Proven influencing and relationship management skills

Utilize strong analytical and malware analysis skills skills built on a proven network security background with knowledge of associated tools

6-10 years' experience as it relates to the below qualifications

Experience with Firewalls, Intrusion Detection/Prevention Systems, custom signature development skills

Identify new requirements and enhancements to standards, tools, and processes

Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results

Builds relationships with internal business partners such as Finance, Legal, HR to help guide them during security incidents

Partners with engineering and delivery teams to implement capabilities that protect Ross.

Knowledge of industry standard frameworks as NIST, ISO, PCI, SOX, HIPAA.

Building Effective Teams (for managers of People and/or Projects)

Developing Talent (for managers of People)

Strong influencing skills, both within the IT organization and business units

Strong computer networking skills and experience with network firewalls.

Strong experience with network security monitoring, threat hunting, network packet analysis, malware analysis, signature development, and shell scripting.

Troubleshooting skills in problems with software and hardware.

Possess a working knowledge of computer network modeling software.

Possess a working knowledge of computer network vulnerability and compliance scanning/analysis software (e.g. Nessus).

Experience conducting vulnerability-based network security assessments

Minimum Requirements (Knowledge, Skills, and Abilities):

** NOTE: An equivalent combination of experience, education and/or training may be substituted for the listed requirements.

Project Management - Ability to complete a project action item.

Support peers and senior personnel with documentation, metrics and security program initiatives in a force multiplier role.

Analyze reports, dashboards, and alerts to provide operational oversight of the security posture of the enterprise environment.

Data Loss Prevention - Ability to work with teams in the event of a privacy risk incident