Cyber Security Incident Responder - Senior

Alexandria, Virginia, United States

Maveris

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector.

Maveris exists to help organizations reach their fullest potential by providing thought leadership in IT and cyber security. We are looking for a Cyber Security Incident Responder - Senior to support the delivery of cyber security operations support services for a Federal Government agency.

The Cyber Security Incident Responder - Senior will support the in-depth analysis and investigations of events and incidents, including detecting and rapidly responding to insiders who pose a threat to the confidentiality, integrity, and availability of all Controlled Unclassified Information (CUI) stored, processed, and disseminated by the organization. Examples of event and incident types include the following: unauthorized data egress (e.g., USB drives, cloud storage, file hosting services, etc.), unauthorized program download/execution, assessment of user’s intent to use downloaded programs for malicious purposes, administrative privilege abuse, disabling of IT audit mechanisms, negligence that negatively impacts IT systems or resources, IT security violations, and related activities. The Cyber Security Incident Responder - Senior will examine all available information, supporting evidence, information system logs, and other artifacts to determine the full extent of impact. The Cyber Security Incident Responder - Senior will take the steps necessary to ensure that any event or incident that is the result of insider risk or insider threat—or that negatively affects the confidentiality, integrity, and availability of CUI—is fully investigated and remediated.

Veterans are encouraged to apply.

Requirements

  • Education and Experience
    • At least 7 years of related experience in Cyberspace Operations, Network Security, Computer Forensics, Network Forensics, Cyber Threat Analysis, Cyber Threat Hunting, Penetration Testing, Insider Threat Detection/Mitigation, or Incident Detection & Response.
    • Or a Bachelor’s degree from an accredited institution in Information Technology, Computer Science, Information Systems Management, Cybersecurity, or related field and five (5) years of specialized experience.
  • Must have hands-on experience with at least 11 of the required disciplines listed below:
    1. Having expertise in coordinating all phases of the incident management process in accordance with industry best practices.
    2. Having expertise in creating and implementing rules, signatures, and alerts within COTS products, including SIEM, EDR, XDR, IDS, DLP, UEBA, and SOAR, as well as related technologies to improve insider risk detection and insider threat detection capabilities.
    3. Working with business unit or technical support teams to ensure that an incident is fully remediated, including providing timely incident notification, status updates, and briefings to customer leadership.
    4. Executing investigations that identify an incident, violation, risk, or issue.
    5. Understanding the federal laws, policies, and regulations applicable to the IIR Area of Responsibility (AOR) and coordinating event mitigation with external authorities.
    6. Creating and/or tailoring data feeds such as system logs, signatures, alerts, etc. for correlation and incident analysis using a variety of security monitoring technologies to achieve strategic objectives, including SIEM, EDR, XDR, IDS, UEBA, DLP, and SOAR, as well as related technologies.
    7. Implementing security monitoring content that operates as intended, identifies activity with high accuracy, minimizes false positives, and does not degrade or significantly impact system performance.
    8. Implementing IIR activities aimed at improving insider threat monitoring within an enterprise IT environment and reducing the overall insider risk posture.
    9. Supporting projects to develop and mature processes and procedures related to the collection, review, interpretation, correlation, and analysis of technical data, PRIs, and other non-technical data to identify or de-conflict insider risks and insider threat activity.
    10. Collecting and analyzing incident data, prioritizing significant and emergent events for further investigation, correlating information with other information sources to establish context, and compiling information into comprehensive analytic reports.
    11. Performing forensically sound collection of computer images and other electronic evidence, and inspecting them to identify possible mitigation/remediation actions within an enterprise IT environment.
    12. Preserving Chain of Custody integrity during evidence collection, analysis, and transfer.
    13. Collaborating with teams and working groups to identify and implement recommendations to improve overall functions, operations, and performance of IIR activities.
    14. Documenting and escalating incidents that may cause ongoing and immediate impact to the environment.
    15. Developing after-action reviews, defense techniques, guidance, and reports on incident findings to appropriate constituencies.
    16. Executing containment, eradication, and recovery activities.
    17. Working in an Agile environment using Enterprise Agile Planning Tool(s) and/or Kanban boards.
  • Exceptional written and verbal communication skills
  • Strong planning, organizational, and time management skills
  • Exceptional analytical and conceptual thinking skills
  • Strong leadership skills and ability to work collaboratively with a team of peers


Minimum Education Requirements

Candidates should possess a bachelor’s degree from an accredited institution in Information Technology, Computer Science, Information Systems Management, Cybersecurity, or related field.

Minimum Certification Requirements:

Candidates must possess one of the following certifications:

  • GIAC Certified Detection Analyst (GCDA)
  • GIAC Certified Forensics Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Penetration Tester (GPEN)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Security Expert (GSE)

Note: All certifications must be current and active at the time the individual is on-boarded to support the contract. Certifications must remain active throughout the period of performance.

Benefits

Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:

  • 401(k) with company match
  • Dental Insurance
  • Health Insurance
  • Vision Insurance
  • Life Insurance
  • Paid Time Off


About Maveris

Maveris offers exceptional, mission-focused solutions to organizations facing highly complex IT, digital, and cybersecurity challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate who applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly motivated person with a willingness to learn, we invite you to apply today to join our team!

To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.
