Cyber Incident Handling Analyst

Key Role:

Interface with the users of Booz Allen and assist them with their reports of suspicious or malicious activity and first line of the firm’s Cyber defense, including identifying and responding to security threats. Speak and correspond with users of all levels within the firm. Assist clients with computer systems, e-mail-based attacks, and security topics.  Operate in a 12/5 operations center environment and maintain responsibility for incident confirmation, response, data collection, investigation, and analysis. Leverage knowledge of computer and network architecture to provide analysis during investigations and identify adversarial activity and methods for future detection and prevention. Use a combination of open source research, network and host forensic analysis, log review and correlation, and pcap analysis to complete investigations. Compose and present reports on findings to leadership for intrusion incidents. Manage the incident life cycle, ensuring that all investigations are kept current and are completed.

Basic Qualifications:

-Experience with one of the following: system administration, network engineering, or security engineering

-Experience with performing host or network incident response, malware analysis, or forensics

-Knowledge of Cybersecurity threats and best practices

-Knowledge of host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs)

-Ability to pay strict attention to detail, display logic and a solution orientation, and learn and adapt quickly

-Ability to communicate effectively under normal and stressful situations

-Ability to lead and serve a team to complete the mission and work well under pressure to rapidly scope and investigate incidents

-Ability to obtain a security clearance

-HS diploma or GED

Additional Qualifications:

-Experience with network forensics and intrusion analysis, performing independent research, and reporting on findings.

-Knowledge of networking concepts and analysis tools, operating systems, software, and security controls

-Ability to display originality and creativity in problem solving

-Ability to be a self-starter, quick learner, and detail-oriented

-Possession of excellent customer service, analytical, and critical thinking skills

-Possession of excellent oral and written communication skills

-BA or BS degree in Engineering, CS, Information Security, or Information Systems preferred; MA or MS degree in Engineering, CS, Information Security, or Information Systems a plus

-CISSP, Security+, or SANS Certification

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.