Location: Oak Ridge, Tennessee
Job Title: Cyber Defense Incident Responder
Career Level From: Associate
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security
What You'll Do
The Cyber Defense Incident Responder investigates, analyzes, and responds to cyber incidents within the CNS network environment or enclave. Job functions include:
- Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
- Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Track and document cyber defense incidents from initial detection through final resolution
- Coordinate with intelligence analysts to correlate threat assessment data
- Perform cyber defense trend analysis and reporting
- Coordinate incident response functions
- Additional responsibilities as necessary
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelor's degree in engineering/science/information technology discipline.
- Master's degree in engineering/science/information technology discipline.
- Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting
Preferred Job Requirements
- Knowledge of cyber threats and vulnerabilities, and what constitutes a network attack
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Ability to perform network traffic and packet level analysis
- Ability to recognize and categorize types of vulnerabilities and associated attacks
- Strong problem solving and communication skills (both orally and in writing)
- Ability to handle sensitive situations with discretion and maintain confidentiality
- Knowledge of adversarial tactics, techniques, and procedures
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Experience using security event correlation tools, analytics or SIEM correlation experience, skillset, or background
- Experience protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
- Knowledge of malware analysis concepts and methodologies
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
- Knowledge of application security risks
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists)
- Knowledge of network services and protocols interactions that provide network communications
- Knowledge of cloud service models and how those models can limit incident response
- Knowledge of incident response and handling methodologies
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems