Receive alerts when this company posts new jobs.
Network Defense & Incident Response Analyst IRES - SAFB
Descriptionof Duties: The Network Defense & Incident Response Analysts provideDefensive Cyber Operations (DCO) 24 hours a day 7 days a week, and providesreal-time monitoring and analysis of insider and external threats utilizingnetwork security tools. Additionally, analysts provide incident response andrecovery activities to the enterprise. This position requires a Junior NetworkDefense & Incident Response Analyst to conduct intrusion detection andincident response on enterprise networks and maintain situational awareness ofenterprise-wide cyber security.
UtilizeSIEM Tools to analyze and correlate event logs from network security devicesand mission critical servers (e.g., network and host-based security systems,firewalls, routers, switches, Servers, Workstations, etc.) for indicators ofcompromise and known attack patterns. Analyze and interpretation of log datawithin SIEM tools (e.g., ArcSight, Splunk, etc.)
Developand disseminate computer network defense (CND) alert and notification messagesto warn customers of threats and provide guidance for countermeasures to defendagainst identified threats.
Reviewdata originating from or reflecting status of ongoing intrusions or cybersecurity incidents and document the findings according to establishedprocedures.
Analyzevulnerabilities against known exploits that do not have vendor-providedmitigation or remediation action in enterprise cyber-threat environment anddisseminate guidance to improve network defensive posture.
Conductthe response and recovery actions for network and cybersecurity incidentsutilizing Incident Response plans, to include reporting all pertinent detailsutilizing internal and external data management systems.
Conductdigital forensic analysis and collect potential evidence by analyzing contentof compromised systems. Document relevant findings, and/or identify thetactics, techniques, and procedures used by an attacker and preserve forensicchain of custody for evidence when required.
DraftDefensive Cyber Operations (DCO) alert and notification messages to warncustomers of threats and provide countermeasure recommendations to defend againstidentified threats.
Supportthe development, establishment, review and update of CND procedures, processes,manuals, and other documentation.
Thisposition will be posted for two weeks ending on 16 August 2019. If a candidatehas not been selected at that time, it will continue to be posted until asuitable candidate is selected or the position is closed.
Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law. Jacobs is a drug-free workplace.
Basic Requirements: Must have one of the following combinations of educationand experience: HS Diploma (or GED) and 8 years of general experience;Associate's degree and 6 years of general experience; Bachelor's degree and 4years of general experience; Master's degree and 2 years of general experience.
Musthave 6 years' experience in the information security field and practicalexperience in an incident response role
Musthave a current DoD 8570.01-M IAT Level II certification with ContinuingEducation (CE) - (CCNA Security, CySA , GICSP, GSEC, Security CE, SSCP)
Musthave a current DoD 8570.01-M CSSP Incident Responder certification (CEH, CFR,CCNA Cyber Ops, CySA , GCFA, GCIH, SCYBER, or CHFI)
Candidatemust have an active DoD Secret security clearance upon hire
Beable to obtain a DoD Top Secret clearance
Experiencewith security analysis and solutions in a WAN/LAN environment to includeRouters, Switches, Network Devices, and Operating Systems (e.g., Windows, andLinux)
Mustbe willing to work rotating shifts in a 24x7x365 operational environment andrespond quickly to emergencies as needed
Musthave excellent technical writing skills to accomplish required forensic andincident reporting
Experiencewith most MS Office applications (Word, Excel, PowerPoint, and Visio)
Mustbe willing to travel 25%.
Mustbe willing to provide training to other analysts.
Bachelor'sdegree in Information Technology, Cybersecurity, or related discipline.
Experiencewith DoD DCO/Cyber Security Service Provider (CSSP), network, and systemsecurity policies and procedures
Experiencewith correlating security events across the enterprise using SIEM tools,ArcSight preferred
Experiencewith other Security Operations Centers (SOC)/DCO tools/applications, such asFirewalls, Intrusion Detection Systems / Intrusion Prevention Systems, NetworkSecurity Manager, Bluecoat, Barracuda, etc.
CurrentDoD Top Secret clearance
GCIH,or GCFA certified preferred