Computer Network Defense/Incident Response Analyst, Senior in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 4/3/2018

Job Description

Job Number: R0026000

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.


Computer Network Defense/Incident Response Analyst, Senior

Key Role:

Apply knowledge of monitoring, analyzing, detecting, and responding to Cyber events and incidents within information systems and networks. Advise on integrated, dynamic Cyber defense and leverage Cybersecurity solutions to deliver Cybersecurity operational effects, including intrusion detection and prevention, situational awareness of network intrusions, security events and data spillage, and incident response actions. Conduct intelligence and counterintelligence collection through network analysis and reporting. Maintain a secure Cyber environment through configuration management, administration, and response actions. Operate and maintain security toolsets to support organizations’ continuous monitoring and ongoing authorization programs. Provide work leadership to junior employees.


Basic Qualifications:

-8+ years of experience with IA for operational testing, incident response, and computer network defense

-Experience with leading a CND/IR team, including directing investigation and creating detailed reports

-Experience with conducting active hunting for network intrusion on a network involving manual packet capture analysis, Domain Name System (DNS) log review, and open source and closed source intelligence analysis

-Experience with creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences

-Experience with gathering, analyzing, and implementing defenses against Indicators of Compromise (IOC) gathered from open forums, closed forums, mailing lists, and directed research

-Knowledge of network attack patterns, detection techniques, trends, threat actors, and techniques for defending a network against these attacks

-Active TS/SCI clearance

-DoD 8570 IAT-II Level Certification


Additional Qualifications:

-Experience with IA metrics, data collection methodologies, data collating, and reporting in an operational testing environment

-Experience with Mandiant Incident Response (MIR), FireEye, Cisco WebProxy, Splunk, Bro IDS, Solara, Wireshark, and other open or closed source network defense tools or products

-Experience with vulnerability assessments, results analysis, and recommended risk mitigation solutions

-Experience with forensic investigation of network intrusion

-Experience with incident response, including preparation, detection, containment, eradication, recovery, and follow-up

-Experience with intelligence analysis and report generation

-Ability to recreate an incident from information gathered on compromised systems using tools, including EnCase

-BA or BS degree


Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.
