Vectrus is seeking a Detection Incident Handler to support a U.S. Government customer on a large mission critical development and sustainment program to design, build, deliver, and operate a network operations environment; including introducing new cyber capabilitiesto address emerging threats.
Responsibilities
Senior level opportunity for someone very experienced with Security Operations Centers (SOCs), Incident Management, Detection Engineering and Threat Hunting
Participates with development, maintenance, and testing of security alerts covering a wide range of operating systems, services, and applications
Analyze, triage and lead security incidents
Develop and present performance reports and metrics
Provide a technical resource and escalation point for Tier 1 and Tier 2 analysts
Performs activities including planning, providing technical leadership, and tracking projects and key task dates
Uses security monitoring tools to investigate, respond to, and recommend appropriate corrective actions for data security incidents
Produce high quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to senior management
Develops and assists in maintenance of standard operating procedures to ensure security is in compliance with policies and standards
Qualifications
Minimum Qualifications:
Active Secret clearance. Must be able to obtain a TS/SCI clearance
Must be able to obtain DHS Suitability
8 years of experience engineering, operating, or managing layered security and SIEM integration for on premise or cloud/private cloud environment.
2+ years of Tier 3 incident handler experience in cloud and/or on-premise environment
Minimum 2 years of professional experience working with AWS or Azure infrastructure, services in a security focused role.
Advanced knowledge of AWS & Azure architectural concepts and guardrails.
Experience engineering, operating, and managing layered security and SIEM integration
Demonstrated experience handling incidents across multiple operating systems
Excellent written and oral communication skills
Education / Certifications:
A bachelor's degree in systems engineering, a related specialized area or field. Two years of related work experience may be substituted for each year of degree level education
Desired Certifications:
DoDI 8570.01-M IAT Level II Technical Certification (Security+ CE, CCNA + Security, SSCP, CYSA) or equivalent AND an Incident Reporter Certification (CEH, GCIH, GCIA, GNFA, or comparable certification)
Experience / Skills:
Desired Skills:
Information Security and IT certifications: Cisco, Red Hat, AWS, etc.
Experience administering cyber security tools such as Firewalls, SIEM, and PCAP
Virtualization technologies, e.g. VMWare, HyperV, etc.
Solid understanding of the different file structures, computer architecture, and operating system functions, sufficient to administer and troubleshoot Windows and *nix systems. Candidate must be prepared to demonstrate that they understand common indicators of compromise and where to find evidence of compromise (example: abnormal process, files, network connections, abnormal log entries, etc.) as part of an in-depth collaborative investigation process.
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.