
Incident Response Team Lead

Expired Job

General Dynamics Information Technology, Durham, NC 27701

Posted 4 months ago

GDIT is supporting EPA's Office of Environmental Information under the Infrastructure Support and Applications Hosting task order. The purpose of this contract is to develop and operate EPA's infrastructure and application platforms to be reliable, secure, and technologically advanced. The services obtained under this contract support the entirety of EPA at all geographic locations and numerous research facilities across the United States. The services consist of data center management, application hosting, application deployment/maintenance, geospatial service support, network security, cyber security, cloud computing, COOP support, and Enterprise Identity and Access Management (EIAM) and Active Directory (AD). The primary work location is in Research Triangle Park, NC.

We are currently seeking an Incident Response Team Lead to join our team supporting the Environmental Protection Agency's (EPA) Computer Security Incident Response Capability (CSIRC).

The role will involve support of the Agency's CSIRC, managing security incidents through the incident response life cycle, including network, forensic, and malware analysis. Normal tasks will include (but are not limited to): oversight of the Incident Response team; management of security incidents; interfacing with EPA on status and reporting; and status and reporting to CSRA management.

The candidate for this position will perform the following (but not limited to) duties and tasks:

  • Research and integration of current vulnerabilities, threats, and security technologies into incident response operations

  • Management of complex security incidents through the incident response life cycle

  • Documentation of security incidents in Remedy and maintenance of incident artifacts

  • Detection and analysis of security incidents through the monitoring of security tools, such as Fortinet, ArcSight, BlueCoat SSA, Cisco AMP/FirePower/Threat Grid, and custom tools

  • Analysis of incident related data, such as packet captures, netflow, DNS history, and logs

  • Forensic analysis through use of both open source and enterprise computer forensic tools

  • Identification and analysis of malicious code through static and dynamic analysis

  • Design and implementation of threat containment, and eradication strategies

  • Development of incident response processes and procedures

  • Analysis of organization security posture and development of formal recommendations for control implementation or modification

  • Generation of after action reports, lessons learned documents, and threat papers for senior management

  • Training and mentoring to other incident response team members

  • Participation in an afterhours on-call rotation

The candidate must have the following (but not limited to) qualifications and abilities:

Skills:

  • At least five years of experience in a computer security incident response role

  • At least five years of enterprise Linux and Windows administration

  • At least two years of leadership experience

  • Excellent communications and interpersonal skills

  • Passion for information security and incident response

  • Practical experience with TCP/IP networking

  • Experience setting up a Security Operations Center

  • Experience with Active Directory and other enterprise credential stores

  • Experience with virtualization technologies such as VMware or VirtualBox

  • Experience with computer forensics and malware analysis

  • Critical thinking and problem solving skills

  • Ability to quickly learn new technologies and respond to changing requirements and environment

  • Ability to work independently and in a cross functional team

  • Ability to identify both tactical and strategic solutions to complex issues

Education:

BS or equivalent + 7 yrs related experience, or MS + 5 yrs related experience

Certifications:

CISSP or GIAC certification is desirable.

#cjobs

#dicepost

#gdjobs

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training, and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs, and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Post date: August 10, 2018

Location: Durham, NC, United States


