Cyber Defense Incident Responder

Location: Oak Ridge, Tennessee Job Title: Cyber Defense Incident Responder Career Level From: Associate Career Level To: Senior Specialist Organization: Chief Information Security Off (50003144) Job Specialty: Cyber Security What You'll Do The Cyber Defense Incident Responder investigates, analyzes, and responds to cyber incidents within the CNS network environment or enclave. Job functions include: Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security Perform cyber defense incident triage, to include determining scope, urgency, and potential impact,identifying the specific vulnerability, and making recommendations that enable expeditious remediation Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs) Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts Track and document cyber defense incidents from initial detection through final resolution Coordinate with intelligence analysts to correlate threat assessment data Perform cyber defense trend analysis and reporting Coordinate incident response functions Additional responsibilities as necessary What You Can Expect Meaningful work and unique opportunities to support missions vital to national and global security Top-notch, dedicated colleagues Generous pay and benefits with a stable organization Career advancement and professional development programs Work-life balance fostered through flexible work options and wellness initiatives Minimum Job Requirements Bachelor's degree in engineering/science/information technology discipline. Master's degree in engineering/science/information technology discipline. Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting Preferred Job Requirements Knowledge of cyber threats and vulnerabilities, and what constitutes a network attack Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks) Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions Knowledge of computer networking concepts and protocols, and network security methodologies Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth) Ability to perform network traffic and packet level analysis Ability to recognize and categorize types of vulnerabilities and associated attacks Strong problem solving and communication skills (both orally and in writing) Ability to handle sensitive situations with discretion and maintain confidentiality Knowledge of adversarial tactics, techniques, and procedures Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies Experience using security event correlation tools, analytics or SIEM correlation experience, skillset, or background Experience protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters) Knowledge of malware analysis concepts and methodologies Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS),and directory services Knowledge of application security risks Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists) Knowledge of network services and protocols interactions that provide network communications Knowledge of cloud service models and how those models can limit incident response Knowledge of incident response and handling methodologies Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy Ability to conduct vulnerability scans and recognize vulnerabilities in security systems Why Pantex and Y-12? You get morethanajob. We encourage employees to achieve a healthy personal balance among home, work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek, while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors, so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan, prescription drug plan, vision plan, dental plan, employer matched 401(k) savings plan, disability coverage, education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership? Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace, at Pantex and Y-12, you can build a career that lasts a lifetime. Notes The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired. If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level. Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required. Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10CFR 709. Medical requirements may apply. CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification. CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.