Incident Manager II, Gridiron IT, Arlington, VA
Gridiron IT -
Arlington, VA,
US
Incident Manager II
Date Posted: 2024-06-20
Job description
Gridiron IT is seeking an Incident Manager to support our client onsite in Arlington, VA with an active TS clearance.
Responsibilities:
- Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise
- Applying knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats
- Applying cybersecurity concepts to the detection and defense of intrusions into small, and large-scale IT networks, and conduct cursory analysis of log data
- Conducting cursory analysis of log data
- Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise
- Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident
- Receiving and analyzing network alerts from various sources within the enterprise and determine possible causes of such alerts
- Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution
- Working with other components within the organization to obtain and coordinate information pertaining to ongoing incidents.
- Providing support during assigned shifts (2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12 hour weekend shifts)
Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 2+ years of directly relevant experience in cyber incident management or cybersecurity operations
-Knowledge of incident response and handling methodologies
- Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incident
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Knowledge of basic system administration and operating system hardening techniques
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code) - Must be able to work collaboratively across physical locations
Desired Skills:
- Knowledge of basic system administration and operating system hardening techniques
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)
Required Education: BS Incident Management, Operations Management, Cybersecurity or related degree. Two years of related work experience may be substituted for each year of degree level education. Desired Certifications: GCIH, GCFA GISP, GCED, CCFP or CISSP
Responsibilities:
- Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise
- Applying knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats
- Applying cybersecurity concepts to the detection and defense of intrusions into small, and large-scale IT networks, and conduct cursory analysis of log data
- Conducting cursory analysis of log data
- Monitoring external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise
- Identifying the cause of an incident and recognizing the key elements to ask external entities when learning the background and potential infection vector of an incident
- Receiving and analyzing network alerts from various sources within the enterprise and determine possible causes of such alerts
- Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution
- Working with other components within the organization to obtain and coordinate information pertaining to ongoing incidents.
- Providing support during assigned shifts (2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12 hour weekend shifts)
Required Skills:
- U.S. Citizenship
- Must have an active TS/SCI clearance
- Must be able to obtain DHS Suitability
- 2+ years of directly relevant experience in cyber incident management or cybersecurity operations
-Knowledge of incident response and handling methodologies
- Knowledge of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incident
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Knowledge of basic system administration and operating system hardening techniques
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code) - Must be able to work collaboratively across physical locations
Desired Skills:
- Knowledge of basic system administration and operating system hardening techniques
- Knowledge of Computer Network Defense policies, procedures, and regulations
- Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return- oriented attacks, and malicious code)
Required Education: BS Incident Management, Operations Management, Cybersecurity or related degree. Two years of related work experience may be substituted for each year of degree level education. Desired Certifications: GCIH, GCFA GISP, GCED, CCFP or CISSP