Idaho National Laboratory is hiring a SOC - Incident Response Analyst to work in our Architecture, Engineering, and Operations department. Our team works a 9x80 schedule, with every other Friday off, based out of our IAB facility or remote.

The analyst responds to crises and urgent situations within the cyber domain to mitigate immediate and potential threats, applies mitigation, preparedness, response, and recovery approaches to protect life, property, and information, and investigates and analyzes all relevant response activities.

Responsibilities Include:
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs).
- Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that allow expeditious remediation. Represent the cybersecurity organization in presenting relevant information.
- Independently work complex incidents where analysis requires an in-depth evaluation of multiple factors. Exercise judgment in selecting methods, techniques, and evaluation criteria for obtaining results.
- Provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
- Perform initial, forensically sound collection of images and inspect them to identify possible mitigation/remediation on enterprise systems.
- Receive and analyze network alerts from various sources within the enterprise and determine the possible causes of such alerts.
- Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
- Collect intrusion artifacts (e.g., source code, malware, Trojans) and use the discovered data to ensure mitigation of potential cyber defense incidents within the enterprise.
- Track and document cyber defense incidents from initial detection through final resolution.
- Perform cyber defense trend analysis. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Write and publish after action reviews.
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents, specifically those related to cyber defense auditing. Research current technology to understand the capabilities of the required system or network.
- Guide and train less experienced analysts to enhance their skills and knowledge.
- Offer strategic direction, define requirements, and provide architectural guidance for the SOC team and associated teams.

This position closes: 1/6/25