Incident Response Expert III

Responsibilities

• Serves as hunt and incident response subject matter expert (SME), applying in-depth knowledge on threat actor (TA) tools, techniques, and procedures (TTPs)
• Distills analytic findings into executive summaries and in-depth technical reports
• Provide expert support, analysis, and research with only broad direction into exceptionally complex problems and processes relating to the subject matter as it relates to hunt and incident response activities
• Serves as technical expert on high-level incident response teams providing technical direction, interpretation, and alternatives
• Exercises considerable latitude in determining technical objectives of an assignment or task at hand
• Independently develops technical solutions to complex problems that require the regular use of ingenuity and creativity
• Analyzes incident data and victim environments to recommend targeted mitigations
• Advise technical personnel on countermeasure implementation and customization
• Supports internal stakeholders on containment and eradication missions
• Documents analysis in a standardized knowledgebase for sharing and publication
• Assists in maintaining branch process and procedure documentation
• Guides the completion of hunt and incident response activities

Minimum Qualifications

• BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 7+ years of technical experience in the area of expertise.
• 5+ years of directly relevant experience in the area of expertise
• Must be able to travel domestically on short notice
• Strong understanding of network architecture/security
• Experience performing cyber incident response
• Ability to think independently
• Demonstrates superior written and oral communication skills
• Must be able to work collaboratively across physical locations
• Skilled in identifying different classes of attacks and attack stages
• Understanding of system and application security threats and vulnerabilities
• Understanding of proactive analysis of systems and networks, to include creating trust levels of critical resources
• Proficiency with common operating systems (e,g, Linux/Unix, Windows)

Preferred Qualifications

• Experience leading and mentoring technical teams
• Knowledge of Computer Network Defense policies, procedures and regulations
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, returnoriented attacks, and malicious code)
• Network and System administration experience
• Strong understanding of adversarial tactics/techniques/procedures (TTPs)
• Experience with Identity and Access Management (IAM) tools
• Ability to review and analyze Enterprise Architecture (EA) from a security perspective
• Understanding of cyber defense-in-depth principles
• Hands-on skill in host/network intrusion detection
• Ability to perform event correlation 
• Experience with malicious activity analysis
• Ability to collaborate with stakeholders at multiple levels within an organization
• Desired Certifications: One or more
  DoD 8140.01 IAT Level II, IASAE II, CSSP Analyst
  DoD 8140.01 GCIA, GCIH, CSSP Analyst/CSSP Incident Responder
  DoD 8140.01 CEH, CSSP Analyst
• SANS GIAC GNFA preferred
• SANS GRID, GICSP, or GCIP a plus