Global Engineering & Technology, Inc.

Cyber Defense Incident Responder (CDIR) / Mostly Remote

Global Engineering & Technology, Inc., Oak Ridge, Tennessee, United States, 37830


THIS POSITION IS MOSTLY REMOTE

- In its majority, work will be performed remotely from the employee's place of residence. Pre-planned travel to Oak Ridge, Tennessee, will be required twice per quarter (generally 5-day trips, Sunday through Thursday).

Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Defense Incident Responder (CDIR) to join our cybersecurity team supporting a national security site belonging to the United States Department of Energy (DOE). This is a highly compensated, high-responsibility technical guidance position that is central to our mission's success.

This is a full-time position as a GET employee with paid leave and benefits.

The CDIR uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. The CDIR notifies designated managers and cybersecurity service provider team members of suspected security incidents and communicates the event's history, status, and potential impact for further action, in accordance with the organization's cyber incident response plan.

THE CDIR SHALL:

- Coordinate and provide senior-level technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents
- Determine the scope, urgency, and impact of cyber defense incidents
- Coordinate incident response functions and recommend incident remediation strategies
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
- Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Track and document cyber defense incidents from initial detection through final resolution
- Coordinate with intelligence analysts to correlate threat assessment data
- Perform cyber defense trend analysis and reporting

Requirements

Security Clearance: This position requires a current DOE "Q" or DoD, DHS, or IC "Top Secret" security clearance.

Required education and experience:

- Pertinent certifications and military training will be considered toward the degree and experience requirement
- Associate's degree in a technical field and 10 years of recent hands-on cyber defense incident response experience
- Bachelor's degree in a technical field and 5 years of recent hands-on cyber defense incident response experience

Required knowledge (as demonstrated by technical expertise and certification):

- Computer networking concepts and protocols, and network security methodologies
- Cyber threats and vulnerabilities
- Authentication, authorization, and access control methods
- Cyber defense and vulnerability assessment tools and their capabilities
- Host/network access control mechanisms (e.g., access control lists, capabilities lists)
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
- Incident response and handling methodologies
- Intrusion detection methodologies and techniques for detecting host- and network-based intrusions
- Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Network access, identity, and access management
- Network traffic analysis methods
- Operating systems
- System and application security threats and vulnerabilities
- Virtual Private Network (VPN) security
- What constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
- Insider threat investigations, reporting, investigative tools, and laws/regulations
- Adversarial tactics, techniques, and procedures
- Network tools (e.g., ping, traceroute, nslookup)
- The common attack vectors on the network layer
- Signature implementation impact for viruses, malware, and attacks
- Windows/Unix ports and services
- The use of sub-netting tools
- Operating system command-line tools
- Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
- Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Required skills (as demonstrated by technical expertise and certification):

- Developing and deploying signatures
- Detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Using incident handling methodologies
- Recognizing and categorizing types of vulnerabilities and associated attacks
- Reading and interpreting signatures
- Performing packet-level analysis
- Ability to analyze malware
- Conduct vulnerability scans and recognize vulnerabilities in security systems
- Accurately and completely source all data used in intelligence, assessment, and/or planning products
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Apply techniques for detecting host- and network-based intrusions using intrusion detection technologies
- Interpret the information collected by network tools (e.g., nslookup, ping, and traceroute)
- Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner

Benefits

We provide exceptional benefits to our full-time employees (spouse/family coverage option also available at a company-subsidized rate).

Benefits include:

- Medical plan options with UnitedHealthcare
- Dental insurance
- Long-term and short-term disability insurance
- Life insurance
- AD&D insurance
- Generous 401(k) match

All benefits are effective on day one of employment. Global Engineering & Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.