Incident Response Analyst

Quantico, VA

Please go to our website to apply: https://www.caskgov.com/careers/openings/.

POSITION: Incident Response Analyst

LOCATION: Quantico, VA

STATUS: Fully Funded

CLEARANCE: Active Secret Clearance Required

TRAVEL: Up to 25%

DESCRIPTION:

Cask is seeking a Senior Incident Response Analyst to support the Marine Corps Cyberspace Operations Group (MCCOG). The applicant will be responsible for collecting and analyzing network and computing events presented via numerous sources to identify and document malicious or unauthorized activity on the Enterprise Network. Conduct initial, formal incident reporting and use appropriate skills and techniques in scoping, containing, and eradicating incidents based on the processes outlined in CJCSM 6510.01B, “Cyber Incident Handling Program,” dated 10 July 2012 or later.

As an Incident Response Analyst, you will:

• Receive and analyze network alerts to determine the cause of those alerts.
• Receive and analyze reports from multiple sources to determine possible causes of such alerts and tune detection capabilities to alert on future occurrences
• Monitor external data sources to maintain visibility of net defense threat conditions and emerging threats to the Enterprise Network and determine enterprise exposure to recommend preemptive defensive measures.
• Inspect, identify and analyze network traffic for possible malicious and anomalous network activity.
• Analyze log files from various sources within the Enterprise Network to characterize anomalous activity.
• Conduct initial troubleshooting of network sensor availability and coordinate with Sensor Grid Support technicians to maintain sensor availability.
• Develop methods for automating incident detection. Provide quarterly reports on new automation actions and their results.
• Document the technical details of suspected network incidents utilizing an internal reporting database to support incident response and reporting requirements.
• Perform event correlation using information gathered from multiple sources within the Enterprise Network to gain situational awareness and determine the impact of a network attack.
• Support post-mortem analysis from compromised systems.
• Collect and analyze network intrusion artifacts from various sources, including logs, system images, and packet captures, to enable mitigation of network incidents within the Enterprise Network.
• Document and report incidents within the MCD from initial detection through final resolution using standard DOD incident reporting.
• Perform incident triage to determine scope, urgency, and potential operational impact by identifying the specific vulnerability and making recommendations that enable rapid remediation at the enterprise level.

Required Skills / Preferred Qualifications:

• Bachelor's degree or combined experience/education substitute for minimum education.
• Three (3) years of demonstrated experience as an Incident Response Analyst or similar role.
• Experience with the electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensically handling electronic data, knowledge of computer security investigative processes, and malware identification and analysis.
• Experience with SIEM technologies.
• Understanding of functionality and capabilities of computer network defense technologies, including Router ACLs, Firewalls, IDS/IPS, Anti-virus, Web Content filtering, host detection systems, SIEM, ports, and protocols, enCase, GREM
• Information Assurance Technical (IAT) Level II certification
• Required Security Clearance: Active Secret

About Cask

Cask is a woman-owned small business (WOSB) founded in 2004 by a group of professionals who saw the need to help clients use and unlock the value of technology in more efficient, cost-effective ways. Cask delivers business and technology advisory and consulting services to help our customers succeed.

Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or position as a qualified individual with a disability.

EEO/Employer/Vet/Disabled