CSSP​/IR Analyst

Position Title

• Cybersecurity Service Provider (CSSP) / Incident Response (IR) Analyst

• Operations

• IR Lead

• Full-Time

• Have the ability to obtain and maintain a TS/SCI clearance

Bespoke Corps, LLC (Bespoke) is looking for a qualified candidate to provide day‑to‑day onsite support to one of our valued customers. We seek a candidate responsible for supporting the accomplishments of the engagement. They will assist with project staff on‑site, provide technical/penetration testing, support work assignments, and act as liaison between project staff and project managers. In addition, the individual will present the customer staff regarding issues or conflicts and ensure the quality of all deliverables.

The candidate must be a self‑starter who achieves in individual and team‑oriented activities.

• Strong technical skills and a firm and thorough understanding of CSSP/IR tools (i.e. SIEM Tools) as well as a demonstrated ability to identify new and emerging threats
• Providing detailed triage of CSSP/IR incidents including: implementing intrusion detection and prevention signatures
• Conducting active hunting for network intrusions involving manual packet capture analysis, DNS log review, open source, and closed source intel analysis
• Knowledge of Advanced Persistent Threats (APT), network attack patterns, detection techniques, trends, threat actors, and techniques for defending a network against these attacks
• Creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences
• Extensive experience creating detailed reports pertaining to various cybersecurity‑related concerns or events
• Gathering, analyzing, and implementing defenses against Indicators of Compromise (IoCs) gathered from open forums, closed forums, mailing lists, and directed research
• Ability to collaborate well within a team construct

• Current TS security clearance with current SCI access, or have been granted SCI access within the past 24 months
• DoD 8140 IAT-II or above professional certification (i.e., Security+, GCIH)
• Current Certified Ethical Hacker (CEH) certification, or have the ability to obtain an active CEH certification within 90 days
• Knowledge and experience categorizing CSSP/IR incidents with CJCSM 6510 Incident Response Categories
• Experience with creating and implementing custom Yara, Snort and ESS rules

• Knowledge of scripting languages such as Python is a plus

The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required, sometimes for extended periods, to walk, stand, or sit.

This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines. The employee is occasionally required to climb ladders or stairs; use hands to type, finger, handle, or feel; reach with hands and arms; balance, stoop, kneel, crouch, or crawl; and get in and out of vehicles. The employee must occasionally lift and/or move small or large objects up to 50 pounds.

Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.

• Arlington, VA (The Pentagon)

• Monday – Friday, 7:00am - 3:00pm (Occasional Rotational Holiday Support)

• There is no travel expected for this position

• W-2 candidates are welcome to apply (please include a current copy of your resume)