Senior Cybersecurity Incident Handler, first shift (7 AM - 3 PM, Monday - Friday), primarily focusing on the full lifecycle of response (analysis, triage, end user communication, containment, eradication, recovery and post-incident process improvement). Developing and coordinating the implementation of courses of action (COAs), assisting in preserving data integrity and full reporting and documentation, including after action and process improvement.
This position is in support of the US Federal Court System and requires a public trust clearance. You can be sponsored if you don't have one - they are quick and easy! The position includes full-lifecycle incident handling/response and frequent use of SIEM tools, especially Splunk, Arbor, ArcSight, SourceFire, Bro IDS, McAfee ePolicy Orchestrator, FireEye, etc. You don't need to be proficient in all of them - there will be opportunities to learn. This customer is especially interested in Splunk ES experience. It also requires coordination with end users as well as external organizations such as DHS/CERT. This customer is particularly open to opportunities to grow and sensitive to the fact that employee needs and interests change over time. So while this is a 7 AM - 3 PM, Monday - Friday, incident handling position, a team member who comes aboard and proves himself or herself will find opportunities to change shifts as desired or change positions as they become available.
- Understand the full Incident Response cycle and work processes (preparation, detection and analysis, containment, eradication, recovery and post-incident).
- Ensure the timely response to cyber incidents through appropriate technical and operational channels in a way that promotes an accurate, meaningful, and comprehensive understanding of the cyber incident throughout its life cycle.
- Effectively contain events and incidents and isolate systems to minimize any damage or impact to judicial information networks, systems, data, and services.
- Report, analyze, coordinate, and respond to any event or cyber incident for the purpose of mitigating any adverse operational or technical impact.
- Extract meaningful information from technical reports and convert it into documentation or summary reports that clearly convey issues/status to leadership.
- Coordinate the development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. Ensure the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or LE investigations.
- Safely acquire and preserve the integrity of data required for cyber incident analysis to help determine the technical/operational impact, root cause(s), scope, and nature of the attack.
- Ensure the effective coordination and communication of cyber incident information through appropriate channels and with appropriate internal and external stakeholders.
- Provide an effective and comprehensive response including the recovery of affected systems and the return to a fully functioning, secure, operational state for all services and systems.
- Identify lessons learned to help improve infrastructure component protection strategies and cyber incident handling procedures to prevent a recurrence of the cyber event or incident.
- Understand patterns of activity and trends to characterize the threat and direct protective and defensive strategies.
- Document all findings and coordination activities through the ticket tracking system, including preliminary response actions, first responder actions, or actions taken to preserve and protect incident artifacts, evidence, or chain of custody.