Position Title: Incident Response Analyst Location: Hybrid. One day a week onsite: Washington DC - St. Elizebeth's Campus - Coast Guard HQ Clearance: TS/SCI Program: Coast Guard Cyber Command - Security Operation Center Company Description: Our great client is a an 8(a), Service-Disabled Veteran-Owned Small Business (SDVOSB) who specializes in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management in support of federal, state, and local government organizations. Our great client is 2023/24 awardee of Vet100 Fastest growth veteran owned business and ranked #491 on the Inc. 5000 list and #11 in government services! Responsibilities * Utilize state-of-the-art technologies such as host forensics tools(FTK/Encase), Endpoint Detection and Response tools, log analysis (Elastic), and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data.
* Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response.
* Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response.
* Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
* Lead Incident Response activities and mentor junior SOC staff.
* Work with key stakeholders to implement remediation plans in response to incidents.
* Effectively investigate and identify root cause findings, then communicate findings to stakeholders, including technical staff, and leadership.
Requirements: * Working knowledge of DoD Incident response standards and methodologies
* Flexible and adaptable self-starter with strong relationship-building skills
* Strong problem-solving abilities with an analytic and qualitative eye for reasoning
* Ability to independently prioritize and complete multiple tasks with little to no supervision
* Must possess a DOD 8570 IAT II or III qualifying certification
* One or more of the following certifications are preferred:
* GCIH - Incident Handler
* GCIA - Intrusion Analyst
* GCFA - Forensic Analyst
* GREM - Reverse Engineering Malware
* GNFA - Network Forensic Analyst
* CCFP - Certified Cyber Forensics Professional
* ECIH - EC-Council Certified Incident Handler