Incident Handler Security Clearance
Job in Honolulu, Honolulu County, Hawaii, 96801, USA
Listed on 2026-01-01
Listing for: Keaki Technologies
Full Time, Part Time position
Job specializations: IT/Tech - Cybersecurity, Network Security
Job Description & How to Apply Below
The Alaka`ina Foundation Family of Companies (FOCs) is looking for an Incident Handler to support our government customer located in Honolulu, Hawai'i.
SCHEDULE:
4 Days x 10 Hour Shifts (Rotating); 40 Hours Weekly
We are seeking a highly skilled Incident Handler to join our team, dedicated to protecting our organization's critical assets and infrastructure. To thrive in this position, you must be able to excel in a fast-paced, dynamic environment, leveraging your skills to identify, analyze, and mitigate cyber threats. You will have opportunities to utilize and develop state-of-the-art security tools and technologies to enhance our incident response capabilities.
We offer professional development opportunities to support your growth and align with current and future mission requirements, ensuring you stay at the forefront of the cybersecurity field.
DESCRIPTION OF RESPONSIBILITIES:
* Monitor all sensors and agents managed by the organization for security event analysis and response and maintain and update the triage database with current threat data and response methods in real-time with follow-up.
* Develop, staff, coordinate, and execute cyber-incident response investigations for the operational environment (unclassified and classified), addressing each pre-determined category of cyber incident detected and addressing priorities, types of internal defensive measures, and potential mitigation strategies to be employed at an acceptable level of risk.
* Conduct incident analysis and recommend mitigation measures in response to advanced persistent threats (APT), attempted exploits/attacks, and malware delivery, which may include blocking hostile websites or restricting access to specific ports/protocols and/or applications.
* Develop, test, and implement custom detection signatures and rules based on emerging threats, vulnerabilities, and attack vectors, and actively collaborate with penetration testing teams to validate the effectiveness and accuracy of these signatures through simulated attacks and real-world scenarios, ensuring a robust and resilient defense against evolving cyber threats.
* Provide support and expertise to law enforcement and counterintelligence (LE/CI) officials, including the provision of required data along with a summary or analysis pertaining specifically to requirements in the LE/CI official request or within Organizational TTPs.
* Provide justification of internal defensive measures and/or operational impact to a configuration control board (CCB) and/or approving authority (AO) for mitigation action approval and make recommendations to the supported operations and maintenance organization to take necessary actions.
* Other duties as assigned by Supervisor.
REQUIRED DEGREE/EDUCATION/CERTIFICATION:
* A Bachelor of Science degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience).
* Must meet at least one of the following baseline certifications in lieu of education:
* Cloud+, CBROPS, GCED, CFR, GFACT, CYSA, GISF, FITSP-O, GSEC, GCFA, PenTest+, GCIA, Security+, GDSA
* Must meet designated Computing Environment (CE) certifications within 6 months of hire.
REQUIRED SKILLS AND EXPERIENCE:
* Proficiency in using security tools and technologies, such as SIEM, IDS/IPS, firewalls, and endpoint detection and response (EDR) solutions.
* Experience with network and system administration, as well as understanding of common network protocols and services.
* Familiarity with various operating systems, including Windows and Linux.
* Excellent analytical and problem-solving skills, with the ability to think critically and make quick decisions under pressure.
* Strong communication and collaboration skills, with the ability to effectively convey technical information to both technical and non-technical audiences.
* Ability to work independently and as part of a team, demonstrating initiative and adaptability in a fast-paced environment.
DESIRED SKILLS AND EXPERIENCE:
* Automate various tasks via scripting languages: (PowerShell/Bash/Python, etc.)
* Develop atomic, statistical, and behavioral rules within SIEM(s): (Splunk/Elastic/Trellix, etc.)
* Analysis of network alerting within IDS/IPS(s): (Cisco Secure Firewall/Trellix/Security Onion, Snort/Suricata, etc.)
* NIDS rule creation and tuning: (Snort/Suricata, etc.)
* PCAP Analysis and associated tools: (tcpdump/Snort/Suricata, Wireshark/NetworkMiner, etc.)
* Understand logging outputs of Network Security Monitors: (Zeek/Suricata, etc.)
* Digital Forensic solutions for Hard Drive Imaging analysis: (EnCase, FTK Imager, etc.)
* Memory Analysis tools for analysis of SWAP & RAM: (Volatility, etc.)
* Host analysis HID/HIP and other Host solutions: (Trellix HBSS/ePO, Tychon/Tanium, etc.)
REQUIRED CITIZENSHIP AND CLEARANCE:
* Must be a U.S. Citizen.
* Must have a TOP SECRET/SCI clearance OR a SECRET clearance with the ability to upgrade.
The Alaka`ina Foundation Family of Companies (FOCs) is a fast-growing government…