
CYBER DEFENSE INCIDENT RESPONDER - 72003955

Date: Feb 22, 2021

Location: TALLAHASSEE, FL, US, 32399

The State Personnel System is an E-Verify employer. For more information, see our E-Verify website (http://www.dms.myflorida.com/workforce_operations/human_resource_management/for_job_applicants/e_verify).

Requisition No: 318184

Agency: Management Services

Working Title: CYBER DEFENSE INCIDENT RESPONDER - 72003955

Position Number: 72003955

Salary: $105,000.00 - $115,000.00

Posting Closing Date: 03/08/2021

Cyber Defense Incident Responder

Florida Digital Service

State of Florida Department of Management Services

This position is located in Tallahassee

The Florida Department of Management Services (DMS) is a customer-oriented agency responsible for managing the various business and workforce-related functions of state government. Under the direction of Governor Ron DeSantis and DMS’ Executive Leadership Team, the agency oversees the real estate, procurement, human resources, group insurance, retirement, technology, private prisons, fleet, and federal property assistance programs utilized throughout Florida’s state government. DMS is relied upon to establish, maintain and improve the business processes used by state employees to create a better, not bigger government. DMS facilitates the delivery of these programs and services and provides tools and training to bolster the efficiency and effectiveness of the state’s workforce. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.” DMS’ employees embody four pillars on a daily basis: lead by example, serve with excellence, create efficiencies, and challenge the status quo.

Position Responsibilities:

  • Provide targeted attack detection and analysis, including the development of custom signatures and SIEM/EDR queries and analytics for the identification of attacks.

  • Participate in investigations to identify the root cause of security events, evaluating anomalous activity and tuning detections to reduce frequent false positives.

  • Translate threat intelligence into detection and hunting strategies, hypotheses, and queries.

  • Provide forensic analysis of network packet captures, live memory and drive acquisitions, malware, as well as logs from various types of security sensors, applications, and operating systems.

  • Participate in Security Architecture reviews for new projects to ensure proposed solutions align with risk requirements.

  • Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.

  • Participate in the development of custom scripting and security orchestration.

  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.

  • Provide after business hours support in response to security alerts and investigations.

  • Perform other duties and tasks as assigned.

Knowledge, Skills, and Abilities:

  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection.

  • Knowledge of computer networking concepts and protocols, and network security methodologies.

  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

  • Knowledge of cybersecurity and privacy principles.

  • Knowledge of cyber threats and vulnerabilities.

  • Knowledge of specific operational impacts of cybersecurity lapses.

  • Knowledge of data backup and recovery.

  • Knowledge of business continuity and disaster recovery continuity of operations plans.

  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).

  • Knowledge of network services and protocols interactions that provide network communications.

  • Knowledge of incident categories, incident responses, and timelines for responses.

  • Knowledge of incident response and handling methodologies.

  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.

  • Knowledge of network traffic analysis methods.

  • Knowledge of packet-level analysis.

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.

  • Knowledge of cyber defense and information security policies, procedures, and regulations.

  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).

  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

  • Knowledge of system administration, network, and operating system hardening techniques.

  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

  • Knowledge of cloud service models and how those models can limit incident response.

  • Knowledge of malware analysis concepts and methodologies.

  • Knowledge of an organization's information classification program and procedures for information compromise.

  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

  • Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

  • Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

  • Skill of identifying, capturing, containing, and reporting malware.

  • Skill in preserving evidence integrity according to standard operating procedures or national standards.

  • Skill in securing network communications.

  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

  • Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).

  • Skill in performing damage assessments.

  • Skill in using security event correlation tools.

  • Skill to design incident response for cloud service models.

  • Accountability, Communication, Empowerment, Flexibility, Integrity, Respect, Teamwork.

Minimum Qualifications:

  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • Experience using security event correlation tools.

DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses.

DMS.Ability@dms.myflorida.com

DMS.Veterans@dms.myflorida.com

An individual with a disability is qualified if he or she satisfies the skills, experience, and other job-related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.

Successful completion of background screening will be required for this position.

The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.

VETERANS’ PREFERENCE. Pursuant to Chapter 295, Florida Statutes, candidates eligible for Veterans’ Preference will receive preference in employment for Career Service vacancies and are encouraged to apply. Candidates claiming Veterans’ Preference must attach supporting documentation with each submission that includes character of service (for example, DD Form 214 Member Copy #4) along with any other documentation as required by Rule 55A-7, Florida Administrative Code. Veterans’ Preference documentation requirements are available here (http://www.dms.myflorida.com/content/download/97612/566545). All documentation is due by the close of the vacancy announcement.

Nearest Major Market: Tallahassee