Incident Response Analyst III, Arlington, VA 6/16/2018

Tanager, Inc. Arlington, VA

Location
Arlington, VA
AJE Ref #
582145865
Job Classification
Full Time
Job Type
Regular
Company Ref #
12000-06-18001
Experience
Entry Level (0 - 2 years)
Education
Bachelor's Degree

JOB DESCRIPTION

Tanager, Inc., which specializes in IT, Cyber Security and Insider Threat Mitigation services and solutions, is looking to hire an Incident Response Analyst III. The position is located in Arlington, VA. This is an excellent opportunity to work with a leading Woman Owned Small Business systems integration company providing innovative solutions in the areas of Information Assurance, Cyber Security, Insider Threat, Helpdesk Services and Information Technology.

This position requires an active TS clearance with the ability to obtain a TS/SCI clearance.

1st Shift (0600 - 1430 Mon - Fri) Job Description:

* Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.

* Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, SecurityFocus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.

* Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

* Leverage tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of cyber incident response analysis duties.

* Track and document CND hunts and incidents from initial detection through final resolution.

* Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.

* Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.

* Perform real-time CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).

* Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.

* Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

* Utilize data analytics tools including Splunk to make sense of machine data when performing responsibilities.

* Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

* May be required to travel up to 25% of time.

Education/Experience:

* 5+ years of experience involving work directly related to the listed skills. Possession of relevant certifications desired. Core: MCSE, CCNA, CCNP, ISC, CAP. Related: CISSP, CISM, ISC, ISSMP, CompTIA, SANS, GIAC, PMP.

* Bachelor's degree in a technical discipline required.

* Familiar with network analytics including NetFlow/PCAP analysis.

* Understanding of cyber forensics concepts including malware, hunt, etc.

* Understanding of how both Windows and Linux systems are compromised.

Please Note: Level IV of this position may also be available. 9+ years of experience is required for a level IV position.