CNDSP Incident Analyst II
Location: Huntsville, AL, or Vicksburg, MS, or Portland, Oregon
Requires Secret Clearance
The CNDSP Analyst will be responsible for incident handling, triage of events, network analysis and threat detection, trend analysis, vulnerability information dissemination. Coordinates Network Defense Operations and monitor and reports incident status, threat possibilities and trends. Should have knowledge of computer network defense with a strong understanding of the lifecycle of network threats, typical attack vectors, and network and system vulnerability exploitation. This is an operational security function and may require an alternating on-call schedule to provide security and incident response to defense against attacks.
MAJOR JOB ACTIVITIES:
· Provide incident response duties as required and directed by the government Computer Incident Response Team (CIRT).
· Document and report incidents from initial detection through final resolution using standard incident reporting channels and methods.
· Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis, and direct system remediation tasks to onsite personnel.
· Coordinate with the organization's Cyber Security Team to correlate threat assessment data.
· Utilize malware analysis techniques, advanced statistic and dynamic analysis to identify and assess malicious malware.
· Monitor intrusion detection and security information management systems to discover and mitigate malicious activity on enterprise networks.
· Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
· Perform malware and/or forensic analysis as part of the incident management process.
· Design and integrate custom rules and reports into proper security tools and data collection architectures.
· Identify risks to computer systems and make written and verbal remediation recommendations to department management staff.
· Respond to General Service Incidents (GSI): Service and infrastructure related incidents (loss of service, poor performance, and service anomalies)
· Respond to Electronic Spillage incidents where classified, Personal Identifiable Information (PII), Controlled Unclassified Information (CUI), or Networks of Interest (NOI) information is introduced on an IT system or network that it is not authorized to hold or process.
· Respond to Unauthorized disclosure: any incident where information, data, or files have been made available to a person or persons who do not have authorized access.
· Respond to requirements associated with Information Operations Conditions (INFOCON) and higher HQ direction.
· Ability to learn the interface, customization, language acceptance, and logic of new CND related tools as the customer acquires them.
· Support Security Incident Response to include: Perimeter Configuration, CND events or identified threats, End user level intrusion or rouge systems, vulnerability identification and mitigation, and Mission Assurance events impacting IT systems or networks.
· Ensure staff are following customer, DoD, Army, organizational policies and procedures.
· This position is for shift work for 24/7 coverage.
· Other duties as assigned.
MATERIAL & EQUIPMENT DIRECTLY USED:
Desktop/Laptop computers, IA and CND software security applications: See Below.
Must comply with OSHA, EPA, Fire and Safety Regulations and published company work policies.
Working environment will be in office environment/indoors and may extend into late hours.
This position requires the applicant be able to travel up to 25% of the time.
Individual should be able to lift up to 40 lbs. unassisted.
Education/Certifications: One year related experience may be substituted for one year of education, if degree is required.
Bachelor’s degree in Information Security or IT related field.
At least 6 years’ experience in Information Security.
At least 3 years of experience in Computer Network Defense (CND).
Experience with security analysis and solutions in a WAN/LAN environment.
Must be willing to work shifts in 24x7 operational environment, which may include extended hours at no notice, evenings, nights, holidays, and weekends
Must be willing to travel; travel is infrequent and often less than two weeks if needed
Candidate must have a DoD Secret security clearance to start
This position requires DoD 8140 (DOD 8570) standards as a CNDSP Incident Responder (GCIH, CEH, CSIH, GCFA) and the corresponding CE, applicant must be able to obtain and maintain the required certification within 60 days from date of hire
Excellent relationship and team communication skills.
Strategic and tactical mindset.
Critical thinking and problem solving skills.
High tolerance/evolved ability to lead and manage ambiguous situations.
Excellent organization skills.
Excellent verbal, written, facility and presentation skills.
Collaboration and team leadership abilities.
Effective time management skills.
Ability to establish customer trust and confidence.
Ability to travel within company and customer locations as needed within short notice.
If the needs of the business dictate, perform tasks outside normally scheduled business hours.
Must be a U.S. citizen, secret clearance required at start date.