TJFACT LLC - Totally Joined for Achieving Collaborative Techniques
Incident Response Analyst
TJFACT LLC - Totally Joined for Achieving Collaborative Techniques - Washington, District of Columbia, us, 20022
Work at TJFACT LLC - Totally Joined for Achieving Collaborative Techniques
Overview
- View job
Overview
Bureau of the Fiscal Service - (OFR)
717 14th St NW
Washington, DC 20005, USA
Totally Joined For Achieving Collaborative Techniques (TJFACT) is a minority-owned, CVE-verified Service Disabled Veteran Owned Small Business (SDVOSB) performance driven professional services government contracting company that provides a broad spectrum of services and solutions to the U.S. government agencies and organizations. About this Position: TJFACT is seeking a well-qualified
Incident Response Analyst
to support the
Bureau of the Fiscal Service (FS), on behalf of the Office of Financial Research (OFR)
in
Washington, DC ! The
Incident Response Analyst
is an on-call role providing day-to-day incident response across the OFRAE and JADE networks. This includes investigating alerts from the SOC, third party notifications, and other security tools; working with Enterprise System owners to remediate immediate threats and incidents; knowledge capture and investigation tracking documentation to maintain knowledge on the team; monitor and notify of security tool outages and issues; participate in process enhancements through after-action reports, tabletop exercises, and peer consulting as needed. This role is contingent upon reward. Major Duties and Responsibilities Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident. Communicate and coordinate with internal and external teams during incidents and breaches. Design, implement, and document IR processes, procedures, playbooks, and guidelines. Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks. Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders. Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident. Analyze emerging threats to improve and maintain the detection and response capabilities of the organization. Document specifications, playbooks, and detections throughout the whole process. Work with developers to build security automation workflows, enrichments, and mitigations. Evaluate policies and procedures and recommend updates to management as appropriate. Required Qualifications: Must be a U.S. Citizen Ability to maintain a Public Trust High (Tier 4/BI) Risk Level Bachelor’s degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering Four (4) or more years in an incident response role required. Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling preferred. Expertise in at least one blue team capability be it CTI, forensics, malware, etc. Programming and scripting languages, preferably Python and PowerShell. Scripting and automation for use in SOAR is a plus. Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors. Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing. Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks. Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards. Motivation to continually improve the incident response program and associated policies and procedures. Common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.) Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10 Experience in ticketing workflow, EDR and endpoint data investigations, network pcap and netflow investigation, and other security tool alerting workflow and pivoting. Ability to advise and build automations and complex playbooks to further improve the response capability of the team. This is a highly technical role that requires a solid understanding of incident response and security practices. Preferred Qualifications: Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent BENEFITS: Medical, Vision and Dental Insurance Paid holidays Short Term and Long-Term Disability Voluntary Term Life TJFACT is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran. We reserve the right to modify or revise the job descriptions in part or in its entirety. Reasonable accommodation will be made in accordance with governing law.
#J-18808-Ljbffr
Totally Joined For Achieving Collaborative Techniques (TJFACT) is a minority-owned, CVE-verified Service Disabled Veteran Owned Small Business (SDVOSB) performance driven professional services government contracting company that provides a broad spectrum of services and solutions to the U.S. government agencies and organizations. About this Position: TJFACT is seeking a well-qualified
Incident Response Analyst
to support the
Bureau of the Fiscal Service (FS), on behalf of the Office of Financial Research (OFR)
in
Washington, DC ! The
Incident Response Analyst
is an on-call role providing day-to-day incident response across the OFRAE and JADE networks. This includes investigating alerts from the SOC, third party notifications, and other security tools; working with Enterprise System owners to remediate immediate threats and incidents; knowledge capture and investigation tracking documentation to maintain knowledge on the team; monitor and notify of security tool outages and issues; participate in process enhancements through after-action reports, tabletop exercises, and peer consulting as needed. This role is contingent upon reward. Major Duties and Responsibilities Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident. Communicate and coordinate with internal and external teams during incidents and breaches. Design, implement, and document IR processes, procedures, playbooks, and guidelines. Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks. Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders. Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident. Analyze emerging threats to improve and maintain the detection and response capabilities of the organization. Document specifications, playbooks, and detections throughout the whole process. Work with developers to build security automation workflows, enrichments, and mitigations. Evaluate policies and procedures and recommend updates to management as appropriate. Required Qualifications: Must be a U.S. Citizen Ability to maintain a Public Trust High (Tier 4/BI) Risk Level Bachelor’s degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering Four (4) or more years in an incident response role required. Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling preferred. Expertise in at least one blue team capability be it CTI, forensics, malware, etc. Programming and scripting languages, preferably Python and PowerShell. Scripting and automation for use in SOAR is a plus. Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors. Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing. Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks. Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards. Motivation to continually improve the incident response program and associated policies and procedures. Common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.) Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10 Experience in ticketing workflow, EDR and endpoint data investigations, network pcap and netflow investigation, and other security tool alerting workflow and pivoting. Ability to advise and build automations and complex playbooks to further improve the response capability of the team. This is a highly technical role that requires a solid understanding of incident response and security practices. Preferred Qualifications: Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent BENEFITS: Medical, Vision and Dental Insurance Paid holidays Short Term and Long-Term Disability Voluntary Term Life TJFACT is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran. We reserve the right to modify or revise the job descriptions in part or in its entirety. Reasonable accommodation will be made in accordance with governing law.
#J-18808-Ljbffr