Senior Cyber Defense Incident Responder

M9 Solutions is seeking a Senior Cyber Defense Incident Responder to work on-site in support of a government contract for a client located in Washington, DC. An active TS/SCI clearance is required.

Responsibilities

• Facilitates and coordinates with leadership to provide expert technical support to the enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation to any attacks within the client networks.
• Respond to cyber incidents as necessary and act as a liaison between entities with internal and external stakeholders within the organization.
• Collects intrusion artifacts (e.g., source code, malware, trojans) and uses discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Performs analysis of log files from a variety of sources to identify possible threats to network security.
• Performs cyber defense incident triage, to include determining scope, urgency, and potential impact, identifies the specific vulnerability, and makes recommendations that enable expeditious remediation.
• Performs cyber defense trend analysis and reporting.
• Assists in Incident Response processes and in the enhancement of behavioral analytics, including the development of Concept of Operations and Standards Operating Procedures.
• Develops and maintains models for cyber threat mitigation and improves threat modeling.
• Uses behavior analytics (UBA) and ensures all infrastructure components meet proper performance standards.
• Coordinates and provides expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Coordinates incident response functions.
• Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise.
• Performs cyber defense trend analysis and reporting.
• Performs initial, forensically sound collection of images and inspects to discern possible mitigation/remediation on enterprise systems.
• Receives and analyzes network alerts from various sources within the enterprise and determines possible causes of such alerts.
• Writes and publishes after-action reviews.
• Writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Assists junior Incident Response Technicians in their tasks.

Required Skills and Qualifications

• TS/SCI security clearance.
• Bachelor's degree in a related field.
• 8 years of relevant experience. In lieu of some experience, industry certifications can be substituted.
• Proven experience conducting incident response and forensic investigations within large, complex enterprise environments, including analysis of malware, logs, and network traffic to identify and mitigate threats.
• Strong understanding of cyber threat intelligence, behavioral analytics, and security operations processes, with the ability to develop and document standard operating procedures and after-action reports.