NexThreat

Incident Responder - DOC

NexThreat, Pasco, Washington, US, 99302

Location : Washington, D.C. / On-Site, No Remote

Category : Technology

Schedule (FT/PT):

Normal business hours are Monday-Friday, any time between 6 am and 6 pm EST

Shift : Work to be performed on site in Washington, D.C. daily. Daily work hours shall not exceed 8 hours a day

Potential for Telework:

No

Citizenship : US Citizen (non-dual citizenship)

Job Description:

MelkoTech is looking for an Incident Responder to join our team to support our customer at the Department of Commerce (DOC). We are looking for mid- to senior-level Incident Responders with an emphasis on threat-hunting background and malware detection experience using EDR, SIEMs (Splunk), and other cybersecurity tools.

Primary Responsibilities:

-Act as the main investigator for potential incidents identified by cyber analysts

-Handle incidents through their lifecycle; work with DOC users to analyze, triage, contain, and remediate security incidents

-Coordinate and report incident-related data between internal offices and third parties

-Document and communicate guidance to end users, DOC Bureaus, and senior officials

-Prepare situational awareness reports for DOC, Bureaus, and/or DOC management

-Assist with the development and documentation of processes to ensure consistent and scalable response operations, and ensure continuous improvement to the customer's incident response plan

-Disseminate information to the appropriate stakeholders in a timely manner

-Other incident response-related duties as assigned

Required Skills:

-Ten years of direct cyber experience

-Cloud experience

-Familiarity with information security publications (e.g., NIST 800-53)

-Familiarity or experience with the Cyber Kill Chain methodology

-Inquisitive and problem-solving oriented

-Solid understanding of the cyber landscape and typical threat vectors

-Possess a wide range of knowledge of information security tools and techniques

-Ability to analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs

-Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, malicious code, and other attack artifacts

-Able to manage evolving objectives effectively and see them through to completion

-Self-managing is a must

-Detail- and process-oriented

-Must have at least one of the following certifications: CERT Certified Computer Security Incident Handler, ECC CEH (Electronic Commerce Council Certified Ethical Hacker), GCIH (GIAC Certified Incident Handler), GISF (GIAC Information Security Fundamentals), CISSP (ISC2 Certified Information Systems Security Professional)

-Additional certifications of equivalent standing may also be considered.

Preferred Skills:

-Federal cybersecurity experience

-Ability to perform deep-dive investigations of a security incident from start to finish, using data from both host-based and network-based devices

-Ability to forensically investigate both Windows and Linux devices for compromise

-Ability to analyze malicious files through code analysis/reverse engineering

-Ability to perform a retrospective review of the incident for after-action reports to both technical and non-technical staff

-Exposure to handling classified incidents

-Understanding of offensive security (threat hunting and penetration testing)