Octo Consulting Group Threat Mitigation / Incident Response / Forensics Analyst II in Bethesda, Maryland
As a Threat Mitigation / Incident Response / Forensics Analyst II, you'll analyze user needs to determine functional requirements, define problems, and develop plans and requirements in the subject matter area for moderately complex to complex systems related to information systems architecture, networking, telecommunications, automation, communications protocols, risk management/electronic analysis, software, lifecycle management, software development methodologies, and modeling and simulation. Perform functional allocation to identify required tasks and their interrelationships. Identify the technical resources required for each task and redirect them as needed. Provide technical, managerial, and administrative direction for problem definition, analysis, requirements development, and implementation for complex to extremely complex systems in the Threat Mitigation, Incident Response, and Forensics area. The detailed tasks you will perform include (but are not limited to):
· Enterprise security log collection and management;
· Network and host-based intrusion detection and identification;
· Real-time, 24 x 7 monitoring and alerting on NIH network enterprise security logs and events;
· Security operations and threat mitigation;
· Information security and privacy incident response and management;
· Performing incident triage on all incidents to determine scope, urgency, and operational impact;
· Cloud application and infrastructure monitoring and alerting;
· Investigating suspected intrusions and/or suspicious activities within 30 minutes of detection;
· Participating in incident response tabletop exercises to validate existing processes and procedures and to document lessons learned;
· Supporting escalations from Tier 1 that require advanced analytics and investigation;
· Performing APT hunting activities;
· Analyzing suspicious websites, emails, and web downloads for nefarious behaviors;
· Performing malware analysis on suspicious network payloads;
· Performing forensic analysis and providing recommendations on corrective actions to NIH, in a forensics report, for cyber intrusions and malware incidents;
· Utilizing forensic and malware analysis tools to perform computer forensic services such as digital evidence preservation, analysis, data recovery, and documentation based on established procedures;
· Conducting forensic evidence collection based on procedures compliant with NIST SP 800-86;
· Acquiring full disk images, including volatile and non-volatile data when required;
· Performing reverse engineering of suspicious code;
· Performing Threat Intelligence Analysis and Situational Awareness;
· Collecting, correlating, and disseminating relevant Cyber Threat Intelligence (CTI);
· Developing a monthly summary of IR Forensic Activities, including:
  · Number of incidents supported;
  · Number of artifacts analyzed;
  · Number of IOCs collected and distributed;
  · Percentage of files analyzed that are malicious;
  · Number of email investigations; and
  · Percentage of emails analyzed that are malicious.
· Maintaining liaison and collaboration efforts with the Technical Lead, Program Manager, and other designated responsible officials in support of Cyber Incidents (CI) and Insider Threat activities;
· Providing engineering support for the Security Operations Center (SOC) and Incident Response Team to deliver enterprise solutions and solve complex problems; and
· Ensuring proper configurations and security controls of systems and agents managed by the SOC.
We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking and agile design principles, and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our clients' missions.
The program you will be working on will provide Information Security Program Support Services to preserve National Institutes of Health (NIH) information, prevent data breaches, and support the following:
· Enterprise information security governance, communications, program and project management, and security metrics and reporting;
· Threat identification and incident handling, including security event detection and situational awareness;
· Security awareness, education, and training;
· Asset and inventory management, including both internal, external, and cloud systems;
· Vulnerability assessment and mitigation, including vulnerability scanning, security configuration development and scanning, and internal and external penetration testing;
· Continuous Diagnostics and Mitigation (CDM);
· Risk management, audit coordination, and corrective plan management;
· Systems security assessment and authorization and plan of action and milestones (POA&M) management;
· Security policy, standards and guidance formulation and oversight;
· Experience with Enterprise Networks and systems;
· Experience with Enterprise security log collection and management;
· Experience with Security information and event management (SIEM);
· Experience with Incident Management lifecycle including recording, triage, analysis, communication, resolution, and closure;
· Experience with Computer Forensics lifecycle including identification, preservation, chain of custody, acquisition methods, investigation, analysis, communication and reporting;
· Intimate knowledge of enterprise-level security operations and threat mitigation practices;
· Strong communication, metrics collection, analysis, and reporting skills;
· Experience in enterprise-level Security Operations Center (SOC) management; and
· Ability to think "outside the box" and provide innovative and positive recommendations for improvements to incident mitigation and proactive prevention.
Years of Experience: 3 or more years of experience in the detailed task areas.
Education: Bachelor's degree in Business, Information Technology, Computer Science, Mathematics, or an equivalent degree (technical discipline preferred). An equivalent combination of education, professional training, or work experience, substituting one year of experience for each year of education (e.g. an Associate's degree with 5+ years of experience), will be acceptable. One or more of the following certifications are required (multiple preferred):
· Certified Information Systems Auditor (CISA) – ISACA – Preferred;
· EC-Council Certified Security Analyst (ECSA) – EC-Council – Preferred;
· Certified Information Systems Security Professional (CISSP) – ISC2;
· CompTIA Security+ – CompTIA;
· CompTIA Network+ – CompTIA.
Location: Bethesda, MD (Remote work option during Covid-19 restrictions).
Clearance: U.S. Citizenship required and ability to attain a Level 6: Public Trust - High Risk clearance, which requires a Suitability Determination that includes a Background Investigation (BI) with Periodic Reinvestigation (PRI) every ten years.