Computer Network Defense/Incident Response Analyst, Senior in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 9/24/2018

Job Description

Job Number: R0038866

Computer Network Defense/Incident Response Analyst, Senior

Key Role:

Apply knowledge of monitoring, analyzing, detecting, and responding to Cyber events and incidents within information systems and networks. Advise on integrated, dynamic Cyber defense and leverage Cybersecurity solutions to deliver Cybersecurity operational effects, including intrusion detection and prevention, situational awareness of network intrusions, security events and data spillage, and incident response actions. Conduct intelligence and counterintelligence collection through network analysis and reporting. Maintain secure Cyber environment through configuration management, administration, and response actions. Operate and maintain security toolsets to support organizations’ continuous monitoring and ongoing authorization programs. Provide work leadership to junior employees.


Basic Qualifications:

- 8+ years of experience with IA for operational testing, incident response, and computer network defense
- Experience with leading a CND/IR team, including directing investigations and creating detailed reports
- Experience with conducting active hunting for network intrusions on a network, involving manual packet capture analysis, Domain Name System (DNS) log review, and open source and closed source intelligence analysis
- Experience with creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences
- Experience with gathering, analyzing, and implementing defenses against Indicators of Compromise (IOC) gathered from open forums, closed forums, mailing lists, and directed research
- Knowledge of network attack patterns, detection techniques, trends, threat actors, and techniques for defending a network against these attacks
- Active TS/SCI clearance
- HS diploma or GED
- DoD 8570 IAT-II Level Certification


Additional Qualifications:

- Experience with IA metrics, data collection methodologies, data collating, and reporting in an operational testing environment
- Experience with Mandiant Incident Response (MIR), FireEye, Cisco WebProxy, Splunk, Bro IDS, Solara, Wireshark, and other open or closed source network defense tools or products
- Experience with vulnerability assessments, results analysis, and recommended risk mitigation solutions
- Experience with forensic investigation of network intrusions
- Experience with incident response, including preparation, detection, containment, eradication, recovery, and follow-up
- Experience with intelligence analysis and report generation
- Ability to recreate an incident from information gathered on compromised systems using tools, including EnCase
- BA or BS degree


Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
