JSP Incident Handling Analyst - Senior

CSRA - Washington, DC (30+ days ago)

Clearance Level Must Currently Possess:
Top Secret

Clearance Level Must Be Able to Obtain:
Top Secret SCI

No Suitability Required

Job Family:
Information Technology

Job Description:
The Incident Handling Analyst – Senior will demonstrate expert-level knowledge in the planning, directing, and managing Computer Incident Response Team (CIRT) operations in a large organization. In addition, they will contribute to a team of Active Detection & Prevention (ADP) professionals working with Intrusion Detection System (IDS) software and hardware, writing reports, briefing event details to leadership, and coordinating remediation within large/complex networks.

The Incident Handling Branch provides incident analysis, forensics, reverse engineering, and fusion reporting to give JSP leadership, customers, and appropriate agencies situational awareness of current and emerging threats, as well as indications and warnings (I&W). Incident Handling Branch response services include the actions taken to report, analyze, coordinate, and respond to any event or computer security incident for the purpose of mitigating any adverse operational or technical impact. Incident Response includes the coordinated development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or Counter Intelligence (CI) or Law Enforcement (LE) investigations.

The work location is at the Pentagon and is in support of Pentagon classified and unclassified networks.

As an Incident Handling Analyst-Senior you will:
Demonstrate over six years of experience in Intelligence Community (IC) reporting of cyber threats and MUST have experience with CJCSM 6510.01B;
Demonstrate expert-level knowledge of network traffic and communications, including known ports and services;
Demonstrate a knowledge of the Windows operating system, knowledge in various Linux distributions and the Unix framework;
Demonstrate knowledge of the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise-level appliances;
Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based;
Demonstrate understanding of DoD accreditation policies, processes, and practices;
Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition;
Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings;
Demonstrate the capability to deliver presentations to senior leaders and in a conference setting;
Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports;
Demonstrate the expert ability to write detailed technical reports that can be consumed by multiple types of consumers;
Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture;
Demonstrate knowledge of cultural, linguistic, and other behavioral aspects of threat actor capabilities and intent;
Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques;
Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]);
Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage);
Demonstrate expert ability to analyze file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Additional Job Description:
MANDATORY Job Requirements:
BS degree in a technical field (4+ years of experience in Incident Response in lieu of a degree)
6+ years of Incident and Malware analysis experience within DoD or IC environment
Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis, Attribution/Mitigation Methodology:
Knowledge/Understanding of the Diamond Model Concept
Familiar with DoD hierarchy and reporting chain
Situational Awareness of how to perform report research on U (OSINT)/S/TS
Basic networking and PCAP deciphering capabilities
DoD 8570 IAT Level III
CISSP or CISM certifications (preferred)
DoD 8570 Computing Environment
Related Field
DoD 8570 IASAE/CND Certification
CEH, Sec+, CND-IR, GCIA or GCIH certification
Top Secret (TS) – Sensitive Compartmented Information (SCI)
Excellent verbal and written communication skills

Telecommuting Options:
Telecommuting Not Allowed

Work Location:
USA DC Washington - 1400 Defense Pentagon (DCC132)

Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.