
Cyber Incident Manager

Job in Arlington, Arlington County, Virginia, 22201, USA
Listing for: NewGen Technologies
Full Time position
Listed on 2026-04-20
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Analyst, Network Security, IT Support
Salary/Wage Range or Industry Benchmark: 80000 - 110000 USD Yearly
Job Description & How to Apply Below
Position: Cyber Incident Manager I

Our Partner is supporting a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. They are seeking a Cyber Incident Manager to support this critical customer mission.

Responsibilities
  • Correlate incident data to identify specific trends in reported incidents
  • Recommend defense in depth principles and practices (i.e. Defense in Multiple Places, layered defenses, security robustness, etc.)
  • Perform Computer Network Defense incident triage to include determining scope, urgency, and potential impact
  • Research and compile known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise
  • Apply cybersecurity concepts to the detection and defense of intrusions into small and large-scale IT networks, and conduct cursory analysis of log data
  • Monitor external data sources to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise
  • Identify the cause of an incident and recognize the key elements to ask external entities when learning the background and potential infection vector of an incident
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Track and document Computer Network Defense (CND) incidents from initial detection through final resolution, and work with other components within the organization to obtain and coordinate information pertaining to ongoing incidents
  • Provide support during assigned shifts (M-F  EST)
Requirements
  • U.S. Citizenship
  • TS/SCI Clearance
  • Must be able to obtain DHS Suitability
  • BS Incident Management, Operations Management, Cybersecurity or related degree. HS Diploma with 3 years incident management or cyber security experience
  • 1+ years of directly relevant experience in cyber incident management or cybersecurity operations
  • Knowledge of incident response and handling methodologies
  • Close familiarity with NIST 800-62 (latest revision) and FISMA standards as they pertain to reporting incidents
  • Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incidents
  • Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks
  • Knowledge of basic system administration and operating system hardening techniques, Computer Network Defense policies, procedures, and regulations
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
Desired Skills
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
Desired Certifications
  • GCIH, GCFA, GISP, GCED, CCFP or CISSP