Job Code: #12113
Title: CNDSP Incident Analyst Lead
Job Location: Albuquerque, New Mexico
My client is seeking a CNDSP Incident Analyst Lead. You must be a U.S. Citizen and have an active Government Clearance. We are unable to sponsor H1b candidates at this time.
The CNDSP Incident Analyst Lead will be responsible for leading a team of IA and Network Security Engineers charged with incident handling, triage of events, network analysis and threat detection, trend analysis, metrics development, vulnerability information dissemination and the DoD CNDSP methodology. The Lead will provide the ACE-IT CIRT with situational awareness of all cyber security information across the enterprise network, coordinate Network Defense Operations, and monitor and report incident status, threat possibilities and trending. The Lead must have knowledge of Army computer network defense with a strong understanding of the lifecycle of network threats, typical attack vectors, and network and system vulnerability exploitation. The CNDSP Incident Analyst Lead will collaborate with the ACE-IT CIRT and the Engineering Design Directorate Software Assurance Lead towards integrating security into the System Development Life Cycle of different development groups across the Computer Network Defense.
- Security Clearance: Top Secret SSBI
- DoDI 8570.01-M CNDSP Incident Responder certification and corresponding Computing Environment certification.
- Operate response duties as required and directed by the ACE-IT CIRT.
- Serve as technical expert and liaison to external incident response personnel and brief incident details as necessary to ACE-IT Senior leadership, up to and including the Director.
- Document and report incidents from initial detection through final resolution using standard DoD incident reporting channels and methods (refer to CJCSM 6510.01B “Cyber Incident Handling Program” dated 10 July 2012 or later).
- Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis and direct system remediation tasks to onsite personnel.
- Coordinate with USACE Cyber Security Team to correlate threat assessment data.
- Monitor open source feeds and reporting on the latest threats against computer network defenses.
- Ability to learn the interface, customization, language acceptance, and logic of new CND related tools as ACE-IT acquires them.
- Utilize malware analysis techniques, including advanced static and dynamic analysis, to identify and assess malicious software.
- Provide technical expertise regarding the defense of government information systems and networks.
- Monitor intrusion detection and security information management systems to discover and mitigate malicious activity on enterprise networks.
- Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
- Perform malware and/or forensic analysis as part of the incident management process.
- Design and integrate custom rules and reports into proper security tools and data collection architectures.
- Identify risks to computer systems and make written and verbal remediation recommendations to senior program staff as well as ACE-IT leadership.
- Respond to General Service Incidents: Service and infrastructure related incidents (loss of service, poor performance, and service anomalies)
- Respond to Electronic Spillage incidents where classified, Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), or Networks of Interest (NOI) information is introduced on an IT system or network that is not authorized to hold or process such data.
- Respond to Unauthorized disclosure: any incident where information, data, or files have been made available to a person or persons who do not have authorized access.
- Respond to requirements associated with Information Operations Conditions (INFOCON) and higher HQ direction.
- Support Investigation activities associated with complex incidents requiring more in depth data collection for command or law enforcement issues.
- Support Security Incident Response to include: Perimeter Configuration Incidents; Security Events to address actual or potential CND events or identified threats; end-user-level intrusions or rogue systems; vulnerability identification and mitigation; and Mission Assurance Incidents impacting IT systems or networks.
- Develop incident response and reporting and policy updates as needed IAW ACE-IT CIRT.
- Manage and work in close coordination with the Information Assurance team and SOC to appropriately resolve daily incidents.
- Ensure new employees are oriented to the Security organization and responsibilities to the customer.
- Periodically review training requirements for personnel and ensure they are maintaining DoD requirements for their positions.
- Provide guidance to security staff regarding Computer Network Defense and Information Assurance.
- Evaluate information assurance staff for performance as required.
- Ensure staff are following customer, DoD, Army, Vectrus policies and procedures.
Education/Certifications: One year of related experience may be substituted for one year of education if a degree is required.
- 7-10 years IT Security and CND experience, or a Computer Science Bachelor's Degree;
- 5 or more years IT Security and CND experience in the Army/DOD, or a Computer Science Bachelor's Degree;
- This position requires DoDI 8570.01-M CNDSP Incident Responder certification and corresponding Computing Environment certification.
- Top Secret Clearance based on an SSBI and able to meet the requirements of DCID 6/4.
- Demonstrate expert-level knowledge in planning, directing, and managing projects/operations in an organization similar in size to this acquisition;
- Demonstrate expert-level knowledge of Army, DOD and industry accepted policies, standards, best practices, and regulations related to Cyber Security CND;
- Demonstrate experience with researching and fielding new and innovative technology
- Experience with ArcSight, Splunk, HBSS, and FireEye
- Understanding of how backdoors are used to gain access to systems and how to defend systems
- Understanding and knowledge of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
- Clear understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
- Comprehensive understanding of different kinds of Denial of Service (DoS) attacks and how to defend against them.
- Knowledge of how format string attacks work and how to defend against them.
- Extensive packet analysis skills
- Experience conducting network, system and malware analysis and reporting findings, assisting with vulnerability mitigation strategy and execution.
- 8570-compliant CNDSP Incident Responder certification (e.g., CEH) with an approved Computing Environment certification, and an OS certification
- Excellent written and verbal communication skills with good organizational and project management skills with the ability to lead a team.
For immediate consideration, please send your resume to firstname.lastname@example.org.
When submitting your resume, please include the best way and time to reach you and the salary/rate that you desire.
This position can be located at any of the below locations:
- Los Angeles, CA
- New Orleans, LA
- Omaha, NE
- Nashville, TN
- Jacksonville, FL
- St. Paul, MN
- New York, NY
- Norfolk, VA
- Honolulu, HI
- St. Louis, MO
- Portland, OR
- Walla Walla, WA
We are also looking to fill the positions listed below. They are also available in any of the locations listed above.
- Application Programmer II
- CNDSP Incident Analyst III
- Database Administrator II
- Database Administrator III
- Network Architect
- Network Engineer I
- Network Engineer II
- Network Security/Information Assurance Engineer I
- Network Security/Information Assurance Engineer II
- Network Security/Information Assurance Engineer III
- SharePoint Developer
- Software Engineer I
- Software Packager
- Storage Engineer I
- Systems Administrator I
- Systems Engineer I
- Systems Operator
- Technical Proposal Lead Engineer
- Testing Service Coordinator
- UNIX Systems Administrator II
- VDI Administrator
- VDI Engineer
- VoIP Engineer II
- VoIP Engineer III