Cyber Defense Incident Responder 15659

What Youll Do

The Cyber Defense Incident Responder investigates analyzes and responds to cyber incidents within the CNS network environment or enclave. Job functions include:

• Coordinate and provide expert technical support to enterprisewide cyber defense technicians to resolve cyber defense incidents
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
• Perform analysis of log files from a variety of sources (e.g. individual host logs network traffic logs firewall logs and intrusion detection system IDS logs) to identify possible threats to network security
• Perform cyber defense incident triage to include determining scope urgency and potential impactidentifying the specific vulnerability and making recommendations that enable expeditious remediation
• Perform realtime cyber defense incident handling (e.g. forensic collections intrusion correlation and tracking threat analysis and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
• Track and document cyber defense incidents from initial detection through final resolution
• Coordinate with intelligence analysts to correlate threat assessment data
• Perform cyber defense trend analysis and reporting
• Coordinate incident response functions
• Additional responsibilities as necessary

What You Can Expect

Minimum Job Requirements

• Bachelors degree in engineering/science/information technology discipline.
• Masters degree in engineering/science/information technology discipline.
• Eight or more years of education and/or relevant experience may be considered to satisfy educational and yearsofexperience requirements for this posting

Preferred Job Requirements

• Knowledge of cyber threats and vulnerabilities and what constitutes a network attack
• Knowledge of cyber attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks)
• Knowledge of intrusion detection methodologies and techniques for detecting host and networkbased intrusions
• Knowledge of computer networking concepts and protocols and network security methodologies
• Knowledge of network security architecture concepts including topology protocols components and principles (e.g. application of defenseindepth)
• Ability to perform network traffic and packet level analysis
• Ability to recognize and categorize types of vulnerabilities and associated attacks
• Strong problem solving and communication skills (both orally and in writing)
• Ability to handle sensitive situations with discretion and maintain confidentiality
• Knowledge of adversarial tactics techniques and procedures
• Ability to apply techniques for detecting host and networkbased intrusions using intrusion detection technologies
• Experience using security event correlation tools analytics or SIEM correlation experience skillset or background
• Experience protecting a network against malware. (e.g. NIPS antimalware restrict/prevent external devices spam filters)
• Knowledge of malware analysis concepts and methodologies
• Knowledge of network protocols such as TCP/IP Dynamic Host Configuration Domain Name System (DNS)and directory services
• Knowledge of application security risks
• Knowledge of host/network access control mechanisms (e.g. access control list capabilities lists)
• Knowledge of network services and protocols interactions that provide network communications
• Knowledge of cloud service models and how those models can limit incident response
• Knowledge of incident response and handling methodologies
• Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems

Why Y12

Notes