Computer Network Defense & Incident Response Analyst
Stuttgart, Baden-Württemberg, Germany
The candidate will identify, isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of sources and locations in support of the VA Cybersecurity Operations Center (VA CSOC). The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident. Reporting and response measures will be taken immediately in order to satisfy the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B and Department of Homeland Security (DHS) reporting requirements.
Position Requirements and Duties:
- Maintains familiarity with DOD CJCSM 6510.01B and DHS Incident Response policies and procedures.
- Compiles and maintains internal standard operating procedure (SOP) documentation.
- Ensures associated documentation and capabilities remain compliant with DOD, DHS, and other applicable policy directives.
- Monitoring of the Security Information and Event Management solution, other security tools, situational awareness reports, and open source intelligence to identify anomalous activity, malicious artifacts, indicators of compromise and take corrective actions.
- Provides network intrusion detection and monitoring, correlation analysis, incident response and support for the VA CSOC and the Cybersecurity Service Provider (CSSP).
- Validates suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.
- Coordinates with supported and governing entities regarding significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is completed.
- Provides 24x7 support for the CSSP’s Incident Response capability during non-core business hours consistent with requirements as needed.
- Performs network and host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents.
- Possesses working knowledge of full packet capture analysis and accompanying tools (Wireshark, etc.).
- Explores patterns in network and system activity via log correlation using supplemental tools
- Possesses understanding of IDS/IPS solutions to include signature development and implementation
- Participates in program reviews, product evaluations, and onsite certification evaluations.
- Knowledge of incident response and handling methodologies.
- Skill in protecting a network against malware. (e.g., NIPS, anti‐malware, restrict/prevent external devices, spam filters)
- Ability to apply techniques for detecting host and network‐based intrusions using intrusion detection technologies
- Knowledge of Packet Analysis
- Knowledge of IDS/IPS solutions
- Familiarity with various Host-Based Tools
- Experience with Log Aggregation Tools
- Logical thinking and analytical ability
- Verbal and written communication ability
Highly Desired Skills:
- Knowledge of DOD and DHS Incident Response policies and procedures
- Experience with Digital Forensics
- Ability to solve problems independently
- 2+ years’ experience in Cybersecurity Service Provider (CSSP) environment or similar
- DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
Minimum Security Clearance: Minimum of a Secret Clearance, with ability to obtain TS/SCI.
- Bachelor OR Graduate degree from accredited university/technical college in Cybersecurity, Computer Science, Information Systems, or other related scientific or technical discipline
- 8570 Classification IAT –II & CSSP Incident Responder or Analyst Category certification
- Approved Military Training Courses
- Authorized to view alerts for IDS/IPS
- Authorized to view Audit Records on Central Log Server
- Overtime may be required as needed to support incident response actions (Surge)
- Up to 15% Travel may be required
Due to the nature of the work required, operations are conducted 24/7/365 with three primary shifts. Choice of shifts will be made available with the understanding that placement is at the discretion of the CSSP Services Director and/or assigned manager.
- Long Term Disability
- Basic Life Insurance
- Basic Accidental Death & Dismemberment Insurance
- Direct Payroll Deposit
- Leave Accrual
- Short Term Disability
- Additional (Voluntary) Life Insurance
- Additional (Voluntary) AD&D Insurance
- Medical Coverage
- Dental Coverage
- Vision Care Plan
- Flexible Spending Account Plan
- Online Training
- AFLAC Supplementary Insurances
Spinvi is an Equal Opportunity Employer. Spinvi does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.
Spinvi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Spinvi complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Spinvi expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Spinvi’s employees to perform their job duties may result in discipline up to and including discharge.