Cyber Incident Responder
Listed on 2026-06-19
IT/Tech
Cybersecurity, Information Security, Network Security
Job Number: R0241884
Cyber Incident Responder Opportunity
Are you ready to take a strategic role in cyber defense? Do you want to use your experience-based knowledge to protect critical infrastructure from the constant onslaught of cyber-attacks? If you want a position that uses your extensive threat analysis skills to perform advanced threat identification and complex incident response, you want to be a Cyber Incident Responder.
As an analyst on our team, you'll analyze logs, forensic data, and threat intelligence to find the advanced threats that are escaping detection and respond to active threats in real time. Using your deep understanding of your customer's networks, combined with your cyber security experience, you'll analyze patterns to understand attackers' goals and stop them from succeeding. Once you find the adversary in the SIEM's blind spot, you'll advise the customer on ways to close the gaps and harden their network.
Let's outsmart malicious actors and protect critical infrastructure.
- 5+ years of experience in malware analysis, digital forensics, data and network analysis, penetration testing, information assurance, trends analysis, quality control analysis, or vulnerability management
- Experience applying the NIST incident response life cycle to cybersecurity events
- Experience with vulnerability analysis, including static code analysis
- Experience with security monitoring and alert triage
- Knowledge of system administration, network security concepts, and operating system hardening techniques
- Knowledge of AWS cloud security services, including Identity and Access Management (IAM), IAM roles, policies, and permission boundaries, CloudTrail, CloudWatch, and common log sources such as VPC Flow Logs, S3 access logs, DNS logs, GuardDuty, Security Hub CSPM, Inspector, and Config
- Knowledge of AWS cloud computing infrastructure services, including EC2, S3, VPC, Lambda, EKS, RDS, and Route 53
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- TS/SCI clearance
- Bachelor's degree
- Experience identifying, capturing, containing, and reporting malware
- Experience performing damage assessments and documenting incidents through root cause analysis and after-action reports
- Experience using security event correlation tools and designing incident response for cloud service models
- Experience using the AWS command line interface with security-relevant AWS services and log sources
- Experience with programming or scripting, including Python and Bash
- Knowledge of preserving evidence integrity according to standard operating procedures or national standards
- Ability to recognize and categorize types of vulnerabilities and associated attacks
- Ability to protect a network against malware, including through NIPS, anti-malware, restricting and preventing external devices, and spam filters
- Possession of strong written and verbal communication skills
- Security+, CISSP, CASP, or GCED Certification
Salary for this position is projected to range from $86,800.00 to $ (annualized USD) and is determined by various factors, including location, education, skills, and experience. Booz Allen offers a comprehensive benefits package, including health, life, disability, financial, and retirement benefits, paid leave, professional development, tuition assistance, work‑life programs, and dependent care.
Commitment to Non‑Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.