CSOC Tier 3 Services
The Contractor shall provide CSOC Tier 3 services, consisting of 24x7x365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. CSOC Tier 3 services include malware and implant analysis, and forensic artifact handling and analysis. When a CIRT is stood up, all contractors in support of CSOC Tier 3 services shall be under the direct control of, and take direction from, the Government CIRT Commander. While not in a period of incident response, the Contractor shall conduct continuous exercises and dry runs to improve response outcomes in the event of a cyber incident. All Contractor personnel performing CSOC Tier 3 services shall have or obtain, within six months of start, a certification that is compliant with DoDD 8140.01 and DoD 8570.01-M IAT Level II and CSSP Incident Responder.
POSITION OVERVIEW:
We are seeking a skilled CSOC Tier 3 Incident Response Specialist to provide 24x7x365 support in the coordination, containment, eradication, and recovery of cybersecurity incidents. As a critical member of the Cybersecurity Operations Center (CSOC), you will analyze malware, manage forensic artifacts, and participate in continuous training to enhance response capabilities. During active cyber incidents, you will take direct orders from the Government CIRT Commander, ensuring timely and effective resolution.
KEY RESPONSIBILITIES
- Execute and document actions during cybersecurity incident response, including containment measures, IP and domain blocking, and user account disabling.
- Coordinate with Counterintelligence, law enforcement, and other stakeholders for advanced incident investigation and triage.
- Produce and deliver security incident reports, categorize incidents, and ensure proper containment and eradication.
- De-conflict blue/red team activities during incidents and manage recovery efforts.
- Develop incident response documentation, including timelines, briefings, and reports for stakeholders.
- Perform digital media analysis and malware analysis, and create custom scripts to aid in incident response and analysis.
- Generate and update reports in JIMS, ICMS, and other authorized systems as required by the Government.
- Collaborate with other teams to ensure a comprehensive response and recovery strategy.
- Conduct quality control reviews of CSOC Tier 2 tickets to maintain a high standard of incident analysis and documentation.
REQUIREMENTS:
- Certification compliant with DoDD 8140.01 and DoD 8570.01-M IAT Level II and CSSP Incident Responder, held at start or obtained within six months of start.
- Strong experience in malware analysis, forensic artifact handling, and incident response processes.
- Ability to coordinate with cross-functional teams and stakeholders during incident triage and recovery efforts.
This role is critical to maintaining the security and integrity of Government networks and requires a proactive, detail-oriented professional capable of handling high-pressure situations and complex incidents.
OTHER DUTIES DISCLAIMER:
This job description is not designed to cover or contain a comprehensive listing of the activities, duties, or responsibilities required of the employee. Other duties, responsibilities, and activities may be assigned or changed at any time, with or without notice.