Senior Cyber Defense Incident Responder

Job Locations US-CO-Colorado Springs
ID
2024-7101
Category
Cybersecurity
Type
Regular Full-Time

Responsibilities & Qualifications

RESPONSIBILITIES

  • Contribute to the functional management and oversight of the collection and analysis of threat intelligence, event analysis, automation and orchestration, and incident response.
  • Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Corporate Security organization.
  • Rapidly and accurately determine the source of a security incident and moving quickly to identify and apply containment, mitigation, and remediation steps.
  • Leverage the corporate incident case management solution to document and report on incidents to meet audit, compliance and legal requirements.
  • Conduct in-depth root cause analysis on complex malware and user/system behavior events.
  • Gather and analyze forensic evidence for cyber security incidents and investigations.
  • Design and implement threat and event analysis automation to improve the speed and accuracy of incident identification and mitigation.
  • Develop and document enhanced event analysis and incident response processes and procedures.
  • Serve as a member of an incident response and monitoring team.
  • Perform investigations to identify attack vectors, confirm infections, and suggest mitigation tactics.
  • Develops technical solutions and Standard Operating Procedures (SOPs) for incident response, network security, advanced analytic tools, and data visualization techniques.
  • Collaborate with technical teams to identify, resolve, and mitigate vulnerabilities.
  • Monitor, analyze, and detect Cyber events and incidents within information systems and networks under general supervision.
  • Assist with integrated, dynamic Cyber defense, coordinate and maintain security toolsets to support organizations’ continuous monitoring and ongoing authorization programs.
  • Develop security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments; develops cloud service provider testing approach from security perspective.
  • Provides validation of security control tests for cloud service provides, coordinating access to systems and approvals for scanning activities.
  • Conducts ad hoc testing on an as-needed basis to assist with development activities or vulnerability remediation.
  • Reviews/tests system security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., NIST SP 800-53) and mission context.
  • Documents plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities.
  • Drafts security policies and procedures including the system security plan, and agency specific policies in accordance with NIST requirement.
  • Routinely conducts risk assessments to quantify impacts of vulnerabilities.
  • Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Coordinate incident response functions.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Perform cyber defense trend analysis and reporting.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Write and publish after action reviews.
  • Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
  • Track and document cyber defense incidents from initial detection through final resolution.

REQUIRED QUALIFICATIONS

  • Active Top-Secret clearance
  • Active IAT II certification (i.e. Security+)
  • 8 years of experience of relevant experience.
  • BS in Cybersecurity, Info Technology, Computer Science

Overview

We are seeking a Security Operations Center Cyber Defense Incident Responder (Senior), to join our team on the DCO DEL-6 Support Team.

 

The Delta 6 SOC provides the primary operational capability for USSF’s Tier 2 Cyber Security Service Provider (CSSP). It conducts 24/7/365 enterprise DCO through proactive protect, detect, respond, and recover activities IAW requirements identified in DoD Instruction (DODI) 8530.01 (Cybersecurity Activities Support to DoD Information Network Operations), Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B (Cyber Incident Handling Program), and the DOD Cybersecurity Evaluations Scoring Metrics (ESM). The SOC’s mission is to defend USSF space mission systems from rapidly evolving cyberspace threats from state and non-state actors. These DCO activities are executed to prevent, detect, and respond to cyber threats and attacks to the USSF space enterprise that may cause disruption, denial, degradation, destruction, exploitation, and unauthorized access or information theft to critical space mission system networks, subsystems and components, and data. The Contractor shall staff the SOC appropriately for a 24/7/365 work center.

 

TekSynap is a fast growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.

 

We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.

Visit us at www.TekSynap.com

Apply now to explore jobs with us!  

The safety and health of our employees is of the utmost importance. Employees are required to comply with any vaccination requirements mandated by contract, applicable law or regulation.

By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status.  If at any time you would like to opt out of text messaging, respond "STOP".

Additional Job Information

WORK ENVIRONMENT AND PHYSICAL DEMANDS

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

  • Location: Colorado Springs, CO [Schreiver SFB SOC]
  • Type of environment: Operations Center
  • Noise level: Medium
  • Work schedule: Schedule is day shift Monday – Friday. May be requested to work evenings and weekends to meet program and contract needs.
  • Amount of Travel: up to 20%

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use hands to handle, feel, touch; reach with hands and arms; talk and hear. The employee is regularly required to stand; walk; sit; climb or balance; and stoop, kneel, crouch, or crawl. The employee is regularly required to lift up to 10 pounds. The employee is frequently required to lift up to 25 pounds; and up to 50 pounds. The vision requirements include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus.

 

WORK AUTHORIZATION/SECURITY CLEARANCE

US Citizenship

Active Top-Secret Clearance

 

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

 

WAGE INFORMATION

Target salary range: $112,000 - $144,000. The salary range displayed is an estimate and will be determined on several factors regarding the individual’s particular combination of education, knowledge, skills, competencies and experience, as well as contract parameters and organizational requirements.  The displayed salary is one component of the total compensation package for employees. 

 

EQUAL EMPLOYMENT OPPORTUNITY

In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, sexual orientation, gender identity, protected veteran status, national origin, disability, age, genetic information or any other characteristic protected by law (referred to as “protected status”). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment.

 

TekSynap is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please contact hr@teksynap.com for assistance.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed