Join Our Mission-Driven Team as a Cyber Incident Manager
At Farfield Systems, we’ve been passionately supporting the government contracting community for over 23 years, dedicated to making a meaningful impact on our customers' most critical missions. Our philosophy is simple: “employee driven…customer focused.” This core value shapes our culture and the way we work, ensuring that our team members are prioritized so they, in turn, can deliver exceptional service to our clients.
We are currently seeking a
Cyber Incident Manager to join our team and play a pivotal role in safeguarding U.S. Government agencies and vital asset owners from cyber threats. This position is essential in providing on-the-ground incident response to those affected by cyber-attacks, ensuring rapid investigation and resolution.
Key Responsibilities:
- Analyze incident data to identify patterns and trends in reported incidents, contributing to enhanced security measures.
- Advocate for comprehensive defense strategies, including layered defenses and robust security practices, to fortify our clients' systems.
- Conduct triage of Computer Network Defense (CND) incidents, assessing scope, urgency, and potential impact to prioritize response efforts.
- Research and compile effective resolution strategies or workarounds to mitigate potential CND incidents across the enterprise.
- Apply cybersecurity principles to detect and defend against intrusions within both small and large-scale IT networks, performing cursory log data analysis.
- Monitor external data sources to stay informed about the current threat landscape and assess security issues that may affect the enterprise.
- Identify incident causes and engage with external entities to gather critical background information and potential infection vectors.
- Analyze network alerts from various sources within the enterprise, determining possible causes and coordinating responses.
- Document and track CND incidents from initial detection to final resolution, collaborating with various organizational components to gather and share information on ongoing incidents.
- Limited candidates may be considered for shift work, with set schedules dedicated to triaging and researching incidents for Indicators of Compromise (IOCs) and escalating to specialized analysts as needed.
If you are passionate about cybersecurity and want to make a difference in a supportive, mission-driven environment, we’d love to hear from you. Join us at Farfield Systems, where your expertise will help protect our nation's most important assets while being part of a team that values your contribution.
Requirements:
Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 5+ years of directly relevant experience in cyber incident management or cybersecurity operations
- Knowledge of incident response and handling methodologies
- Having close familiarity with NIST 800-62 (latest revision), and FISMA standards as they pertain to reporting incidents
- Ability to prioritize incidents, investigate and describe tactics used in phishing campaigns, as well as recognize gaps in incident reporting
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Knowledge of basic system administration and operating system hardening techniques, Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and attack methods (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)
Desired Skills:
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and attack methods (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)
Required Education:
BS Incident Management, Operations Management, Cybersecurity or related degree. HS Diploma with 7-9 incident management or cyber security experience
Desired Certifications:
GCIH, GCFA GISP, GCED, CCFP or CISSP
Base
Security Clearance Required: TS/SCI