NIH Incident Response Specialist

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 2 days ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Incident Response Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or a related technical discipline.
Minimum 25 years of experience supporting cybersecurity operations or incident response activities.
Experience supporting incident response investigations and remediation activities.
Familiarity with SIEM tools log analysis and threat detection technologies.
Understanding of NIST cybersecurity frameworks and federal security requirements.
Ability to analyze security alerts and investigate potential cybersecurity incidents.
Strong analytical documentation and communication skills.

Duties:

Monitor security alerts and respond to cybersecurity incidents affecting NCATS systems.
Conduct incident triage analysis containment eradication and recovery activities.
Coordinate incident response activities with NCATS IT teams security leadership and NIH cybersecurity teams.
Maintain incident documentation and prepare incident response reports.
Support development and improvement of incident response procedures and playbooks.
Investigate and analyze security incidents to determine root cause scope and impact.
Perform technical analysis of system logs network activity and endpoint data during investigations.
Coordinate containment and remediation actions for identified incidents.
Maintain incident tickets and track investigation progress.
Develop postincident analysis reports and recommend improvements to strengthen defenses.
Support operational cybersecurity monitoring and response activities.
Assist with security monitoring tools such as SIEM intrusion detection systems and endpoint protection systems.
Participate in threat hunting and vulnerability mitigation activities.
Provide technical support for incident response exercises and security testing activities.
Support secure firewall management and network security monitoring activities.
Assist with implementation of firewall rules following leastprivilege and defaultdeny principles.
Participate in firewall rule reviews and validation of network traffic logs.
Support monitoring of network segmentation controls and security zones.
Validate logging configurations to ensure compliance with federal logging requirements.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or a related technical discipline.
Minimum 25 years of experience supporting cybersecurity operations or incident response activities.
Experience supporting incident response investigations and remediation activities.
Familiarity with SIEM tools log analysis and threat detection technologies.
Understanding of NIST cybersecurity frameworks and federal security requirements.
Ability to analyze security alerts and investigate potential cybersecurity incidents.
Strong analytical documentation and communication skills.

Duties:

Monitor security alerts and respond to cybersecurity incidents affecting NCATS systems.
Conduct incident triage analysis containment eradication and recovery activities.
Coordinate incident response activities with NCATS IT teams security leadership and NIH cybersecurity teams.
Maintain incident documentation and prepare incident response reports.
Support development and improvement of incident response procedures and playbooks.
Investigate and analyze security incidents to determine root cause scope and impact.
Perform technical analysis of system logs network activity and endpoint data during investigations.
Coordinate containment and remediation actions for identified incidents.
Maintain incident tickets and track investigation progress.
Develop postincident analysis reports and recommend improvements to strengthen defenses.
Support operational cybersecurity monitoring and response activities.
Assist with security monitoring tools such as SIEM intrusion detection systems and endpoint protection systems.
Participate in threat hunting and vulnerability mitigation activities.
Provide technical support for incident response exercises and security testing activities.
Support secure firewall management and network security monitoring activities.
Assist with implementation of firewall rules following leastprivilege and defaultdeny principles.
Participate in firewall rule reviews and validation of network traffic logs.
Support monitoring of network segmentation controls and security zones.
Validate logging configurations to ensure compliance with federal logging requirements.