Cyber Incident Response Manager
Arlington, Virginia, United States
At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
Our partnership with DHS’s Hunt and Incident Response Team (HIRT) has created an opportunity for a Cyber Incident Response Manager. The HIRT’s mission is to provide DHS with front-line response for cyber incidents, and proactively hunt for malicious cyber activity. As a Cyber Incident Manager, you will apply your knowledge of the tactics, techniques, and procedures of criminal, insider, hacktivist, and nation-state threat actors to identify and validate threats in support of this critical DHS mission.
What You’ll Do
- Research and compile known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise.
- Apply cybersecurity concepts to the detection of and defense against intrusions into small- and large-scale IT networks, and conduct cursory analysis of log data.
- Monitor external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams [CERTs], SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise.
- Identify the cause of an incident and recognize the key elements to ask external entities when learning the background and potential infection vector of an incident.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Track and document Computer Network Defense (CND) incidents from initial detection through final resolution.
- Partner with other components within the organization to obtain and coordinate information pertaining to ongoing incidents.
- Provide support during assigned shifts (2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12-hour weekend shifts).
Education and Experience
- BS Computer Science, Operations Management, Cybersecurity, or related degree. If no degree is held, candidates must have an additional 4 years of incident management experience.
- 5 years of professional work experience with at least 2 years of relevant experience in cyber incident management or cybersecurity operations.
- Demonstrated understanding and knowledge in the following areas is required:
  - Incident response and handling methodologies.
  - NCCIC National Cyber Incident Scoring System, to be able to prioritize triaging of incidents.
  - Attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
  - Ability to recognize and categorize types of vulnerabilities and associated attacks.
  - Basic system administration and operating system hardening techniques.
  - Computer Network Defense policies, procedures, and regulations.
  - Operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored]).
  - System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code).
- One (or more) of the following certifications is highly desired: GCIH, GCFA, GISP, GCED, CCFP, or CISSP.
Security Clearance Requirements
- This position will require U.S. citizenship and an active DoD TS/SCI security clearance. Candidates must also have the ability to obtain DHS Suitability.
Who You Are
- A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment.
- Intellectually curious with a genuine desire to learn and advance your career.
- An effective communicator, both verbally and in writing.
- Customer service-oriented and mission-focused.
- Critical thinker with excellent problem-solving skills.
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
IMPORTANT: This position is subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19. As a condition of employment, the successful candidate will be required to provide proof of full COVID-19 vaccination prior to commencing employment. Prospective or new employees who are unable to be vaccinated due to medical reasons or a sincerely held religious belief may request a reasonable accommodation. This request must be approved prior to the start of employment to the extent a reasonable accommodation is available that does not pose an undue hardship on phia or a direct threat to the candidate or phia’s employees.
Who We Are
phia LLC ("phia") is a Northern Virginia-based, 8a certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
- Comprehensive medical insurance to include dental and vision
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)