CND/Incident Response Analyst

Cask is a leading Management Consulting firm specializing in delivering business and technical expertise to clients across commercial and government markets. Join the many happy employees at Cask! We have been named a top 5 firm to work for by Consulting Magazine for 5 of the past 6 years.

Responsibilities

• The contractor shall assist with analysis of actions taken by malicious actors in order to determine initial infection vector, establish a timeline of activity, and any data loss associated with incidents.
• Provide Python Programming, PowerShell Programming, and Script Development.
• Coordinate with and provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities, and make recommendations enabling remediation.
• Monitor external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, Storage Area Networks (SANs), Security Focus), update the CND threat condition, and determine which security issues may have an impact on the enterprise.
• Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security and perform command and control functions in response to incidents.
• Perform CND incident triage, to include determining, urgency, and potential impact; identifying the specific vulnerability; and making written recommendations that enable expeditious remediation.
• Utilize forensically sound collection techniques of images and inspect to discern mitigation/remediation on enterprise systems, perform real-time CND incident handling (e.g.,
• Forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs).
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts and track and document CND incidents from initial detection through final resolution.
• Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, and security robustness), collect intrusion artifacts (e.g., source code, malware, and trojans), and use discovered data to enable mitigation of potential CND incidents within the enterprise.

Requirements

• Clearance Required: TS/SCI with counter-intelligence polygraph
• IAT level III or CSSP Incident Responder certification with documented additional education, specialization, or certification in one of the technologies or tools listed below:
• 5 years of experience in a majority of the below:
• System Architecture
• -       Network Engineering
• -       Systems Engineering
• -       Virtual Environments
• Scripting
• -       Powershell
• -       Python
• -       RegEx
• Forensics
• -       Dead disk and memory interrogations
• -       Malware analysis/reverse engineering
• Additional Preferred Experience
• -       SCADA Systems
• -       Cloud Environments
• -       Database Administration
• -       Hunt Methodologies
• -       SEIM Operations (Splunk/Security Onion)

Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status a qualified individual with a disability.  EEO/Employer/Vet/Disabled