Location: Oak Ridge, Tennessee
Job Title: Cyber Defense Incident Responder
Career Level From: Associate
Career Level To: Senior Specialist
Organization: Chief Information Security Officer (50003144)
Job Specialty: Cyber Security
What You'll Do
The Cyber Defense Incident Responder investigates, analyzes, and responds to cyber incidents within the CNS network environment or enclave. Job functions include:
- Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
- Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Track and document cyber defense incidents from initial detection through final resolution
- Coordinate with intelligence analysts to correlate threat assessment data
- Perform cyber defense trend analysis and reporting
- Coordinate incident response functions
- Additional responsibilities as necessary
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelor's degree in engineering/science/information technology discipline.
- Master's degree in engineering/science/information technology discipline.
- Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting
Preferred Job Requirements
- Knowledge of cyber threats and vulnerabilities, and what constitutes a network attack
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Ability to perform network traffic and packet level analysis
- Ability to recognize and categorize types of vulnerabilities and associated attacks
- Strong problem solving and communication skills (both orally and in writing)
- Ability to handle sensitive situations with discretion and maintain confidentiality
- Knowledge of adversarial tactics, techniques, and procedures
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Experience with security event correlation tools and analytics, including a SIEM correlation skillset or comparable background
- Experience protecting a network against malware (e.g., NIPS, anti-malware, restricting or preventing external devices, spam filters)
- Knowledge of malware analysis concepts and methodologies
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services
- Knowledge of application security risks
- Knowledge of host/network access control mechanisms (e.g., access control lists, capability lists)
- Knowledge of network services and protocols interactions that provide network communications
- Knowledge of cloud service models and how those models can limit incident response
- Knowledge of incident response and handling methodologies
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems