Position:

Cybersecurity Service Provider/Incident Response (CSSP/IR) Analyst

Position Identifier:

ARLI-CSSP/IR-001

Position Description:

Bespoke Corps, LLC is looking for a qualified candidate to provide onsite support to one of our valued Department of Defense (DoD) customers. We are seeking a (CSSP/IR) specialist with specific skills in intrusion detection and prevention. The specialist will perform full-spectrum CSSP/IR in accordance with DoD and NIST policy and process frameworks, and open and closed source cybersecurity intelligence (fusion) research and analysis. The ideal candidate is self-motivated, thrives in team-based work environments, and has strong verbal and written communication skills. The candidate will have demonstrative experience supporting DoD/US Government organizations and agencies. Additionally, the candidate must support rotational weekend and holiday workdays.

Demonstrated Experience (Minimum 3 years):

• Knowledge of Advanced Persistent Threats (APT), network attack patterns, detection techniques, trends, threat actors and techniques for defending a network against these attacks
• Providing detailed triage of CSSP/IR incidents including implementing intrusion detection and prevention signatures
• Conducting active hunting for network intrusions involving manual packet capture analysis, DNS log review, open source and closed source intel analysis
• Creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences
• Extensive experience creating detailed reports pertaining to various cybersecurity related concerns or events
• Gathering, analyzing and implementing defenses against Indicators of Compromise (IoCs) gathered from open forums, closed forums, mailing lists and directed research
• Firm and thorough understanding of CSSP/IR tools (i.e., FireEye, Splunk, BlueCoat, HBSS, Bro) as well as a demonstrated ability to identify new and emerging threats
• Ability to collaborate well within a team construct

Other Skills/Qualifications:

• Current TS security clearance with current SCI access, or have been granted SCI access within the past 24 months
• DoD 8570 IAT-II or above professional certification (i.e., Security , CEH, GCIH)
• Knowledge and experience categorizing CSSP/IR incidents with CJCSM 6510 Incident Response Categories
• Experience with creating custom Yara, Snort and HBSS rules as well as scripting languages Python is a plus

Academic Qualifications:

• BS in computer science, engineering, mathematics, business or related field of study from an accredited institution. Demonstrated work experience equivalent to the academic qualifications will be considered

Work Demands and Environment:

• The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear.

Travel:

• Occasional local travel expected; less than 5%.

Job Location:

• Arlington, VA (The Pentagon)

Work Schedule:

• Monday – Friday, 7:00am-3:00pm

Candidate Type:

• W-2 and 1099 candidates are welcome to apply

2

Job Type: Full-time

Pay: $100,000.00 - $135,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Professional development assistance
• Referral program
• Retirement plan
• Vision insurance

Experience level:

• 3 years

Schedule:

• 8 hour shift
• Day shift
• Monday to Friday

Experience:

• Cybersecurity: 3 years (Required)
• Information security: 3 years (Required)
• Linux: 1 year (Required)

License/Certification:

• IAT Level II (Required)

Security clearance:

• Top Secret (Required)

Ability to Relocate:

• Washington, DC 20301: Relocate before starting work (Required)

Work Location: In person