top of page

Cyber Incident Responder Response Level 3 104-022

SysEng.png

See a complete list of our open positions

Apply at the Bottom of the Page

IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community.  We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.  

Some of the positions are future positions.  Please look at the opening line of the job description to determine if this is an open or future position.

 

Our positions are not remote unless stated in the job description below.

We are looking to fill this position at the following location(s):

    Washington, DC

Job Description

Cyber Incident Responder – Response Level 3:



Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators.




Level 3:


  • Investigates, analyzes, and responds to cyber incidents within a network environment or enclave.

  • Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur   within their environments for the purposes of mitigating threats.

  • Interprets, analyzes, and reports all events and anomalies in   accordance with computer network directives, including initiating,   responding, and reporting discovered events.

  • Evaluates, tests, recommends, coordinates, monitors, and maintains   cybersecurity policies, procedures, and systems, including access management   for hardware, firmware, and software.

  • Ensures that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.

  • Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security.

  • Researches and evaluates new concepts and processes to improve performance. 

  • Analyzes cross-functional problem sets, identifies root causes and resolves issues.

  • Develops techniques and procedures for conducting cybersecurity risk assessments and compliance audits, the evaluation and testing of   hardware, firmware and software for possible impact on system security, and   the investigation and resolution of security incidents such as intrusion, frauds, attacks or leaks.

  • May coach and provide guidance to less-experienced professionals.

  • May serve as a team or task lead.




Job Description:


  • Responsible for strengthening the defensive posture and cyber defense operational readiness of an IT Enterprise. Our program defends and protects Government assets

  • from external Cyber Security attacks and Insider Threats that can potentially cause or create data, systems, networks, and personnel vulnerabilities.

  • Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators, and coordinates with other government agencies to record and report incidents.

  • Monitors Intrusion Detection Systems (IDS) to identify security issues for remediation.

  • Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.

  • Prepare incident reports of analysis methodology and results.

  • Provide guidance and work leadership to less-experienced technical staff members.

  • Participate in special projects as required.

  • Continuously evaluate and make recommendations for the enhancement of the organization's security posture.

  • Position may require evening, weekend, or shiftwork (depending on operational tempo).




Desired Skills:


  • Experience with Perl Compatible Regular Expressions (PCRE)

  • Experience authoring Yara rules

  • Experience authoring Snort signatures;




Education and Experience:


  • HSD/GED+10yrs

  • Associates+8yrs

  • Bachelors+6yrs

  • Masters+4yrs

  • PhD+2yrs

  • NOTE:  Relevant professional certifications will be considered   equivalent to six (6) months of relevant experience.




Training and Certifications:


  • GIAC Continuous Monitoring (GMON) or equivalent

  • Splunk Core Certified User

  • DoDD 8140/DoD 8570.01M CNDSP Incident Responder (CND-IR) Baseline Certification




Required Certifications:


  • IAT II – Required to start on program.

  • CSSP Analyst - Required to start on program.

  • GMON (GIAC Continuous Monitoring Certification) – Required within 180 days of start date.

  • SCCU (Splunk Core Certified User) – Required within 180 days of start date.




Security Clearance:


  • TS SCI CI poly


You are applying for the position of 
Cyber Incident Responder Response Level 3 104-022
Upload Your Resume
bottom of page