Incident Response Analyst, Cyber Defense Incident Responder (531)
Clearance Requirement: Top Secret/SCI. Candidate must be willing to pass a counterintelligence (CI) polygraph.
Position Description:
The Incident Response Analyst investigates, analyzes, and responds to cyber incidents within the network environment or enclave. Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation. Manages the organization's Cybersecurity incident response program, including metric development to identify trends and appropriate mitigations.
The Incident Response Analyst shall analyze the existing organizational incident response policy and procedures. Within 60 days of contract award provide a written analysis and any recommendations for government consideration. The format shall be recommended for government approval. Shall draft, maintain, and update incident response policy and procedures upon government request.
The Incident Response Analyst shall track reported cyber incidents. Shall develop an annual compilation of incidents based upon Cybersecurity incident reports upon fiscal year assessments. The compilation shall include a trend analysis and recommendations for mitigations. The format shall be recommended for government approval. The compilation shall be void of system names, system identification numbers, government or contractor locations, and individual names. The draft compilation shall be provided to the government annually by 1 January.
Shall develop metrics associated with reported cyber incidents. The format shall be recommended for government approval. Delivery shall be the first of January, April, July, and October each year.
Shall review cybersecurity incident reports for completeness and accuracy and provide a resolution recommendation to the government within 10 days of submission.
Shall provide initial guidance on mitigating and documenting cyber incidents when reported. Guidance shall be provided via email. The Incident Response Analyst will notify the government verbally of any reported cyber incidents within one hour.
The Incident Response Analyst will investigate cyber incidents at the request of the government and document the results of the investigation using the organizational template. Submission of the written report shall be within 10 days of completion of mitigation actions and inquiry.
Draft and/or preliminary documents shall be presented in one of the following electronic formats: Microsoft Office 2007-compatible (.docx, .xlsx, or .pptx) or the standard Portable Document Format (PDF). Final and/or approved format shall be determined by the government; the Incident Response Analyst may recommend additional formats.
Travel approximately 10% annually.
Position Qualifications:
· Shall have 4 or more years of experience in investigating, analyzing, responding, and documenting cyber incidents.
Shall meet the Cyber IT/Cybersecurity Workforce (CSWF) Cyber Defense Incident Responder (531), Intermediate Level, for SECNAV M-5239.2 compliance. (See the Navy COOL website.)
Education: Bachelor's Degree from an accredited University; OR
Training: CYBR1100 Network Traffic Analysis; or CYBR2100 Certified Ethical Hacker; or CYBR2150; or
CYBR2400 Cyber Operator Training Course; or CYBR4005 Comp Forensics Invest and Response; or NEC 742A Network Security Vulnerability Technician; or NEC H08A Advanced Network Analyst; or
NEC H10A Basic Cyber Analyst/Operator; or NETW 4001 Security Plus; OR
Certification: Certified Computer Security Incident Handler (CSIH); or GIAC Certified Incident Handler (GCIH); AND
OJT: NAVEDTRA JQR Incident Handling Analyst (304); or JQR Incident Handling Lead (303); or
NAVEDTRA 43350-A - Media Forensic Analyst; and
NAVEDTRA 43469 Watchstation 302 - Information Assurance Technician Level II (Privileged User); AND
Continuous Learning: DoD requires 20 hours Continuous Learning each calendar year. This requirement is in addition to any industry certification Continuous Learning requirement. [Note: DoD 20 hours Annually - Industry certification Continuous Learning may be applied towards DoD 20 hour annual requirement. However, not all DoD Continuous Learning hours can be applied to industry certification Continuous Learning requirement, check with certification agency on what may be accepted.]; AND
Operating System/Computing Environment Certificate: Operating System/Computing Environment (OS/CE) certificate of training, as dictated by Command Cyber IT/CSWF-PM; AND
Sign Privileged Access Statement: System Authorization Access Request (SAAR) with Privileged Access agreement as required by Local Command.
Desired Qualifications:
· Experience with handling digital evidence and examination.
· Experience collecting and reporting metrics associated with cyber incidents.
· Experience with Information Assurance Vulnerability Messages.
· Ethical hacker, incident response or digital forensics certification.