Cyber Incident Responder ***Top-Secret Clearance***
Title: Cyber Incident Responder
Location: Fairmont, WV OR Washington, DC, OR Silver Spring
Clearance: Active Top-Secret Clearance
IBSS is seeking a mid-level Cyber Incident Responder for an Enterprise SOC contract supporting a large civilian federal agency. The SOC comprises 14 analysts across multiple functions and provides 6 a.m. to 6 p.m. Eastern Time coverage between its DC and WV locations. An on-call rotation covers night and weekend escalations as needed; the on-call schedule is coordinated with the manager each month.
Responsibilities:
- Act as the primary investigator for potential incidents identified by cyber analysts
- Manage incidents through their full lifecycle: work with users to analyze, triage, contain, and remediate security incidents
- Communicate guidance to end users, constituent bureaus, and senior officials
- Prepare situational awareness reports for the customer, its constituent bureaus, and/or Department management
- Identify process improvements and generate ideas to improve the SOC’s capabilities
- Disseminate information to the appropriate stakeholders in a timely manner
- Other incident response related duties as assigned
Requirements:
- 3+ years of relevant experience appropriate to a mid-level role; experience in lieu of a degree may be acceptable
- Inquisitive and problem-solving oriented
- Solid understanding of the cyber threat landscape and typical threat vectors
- Ability to analyze firewall logs, full packet capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs
- Ability to review and analyze proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code
- Hold, or be willing to obtain, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), EC-Council Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information Systems Security Professional (CISSP). Equivalent certifications may be considered.
- Ability to perform deep-dive investigations of a security incident from start to finish using data from both host-based and network-based sources
- Ability to forensically investigate both Windows and Linux systems for compromise
- Ability to analyze malicious files through code analysis and reverse engineering
- Ability to produce after-action reports on incidents for both technical and non-technical staff
- Ability to perform threat hunting
- Scripting capabilities
- Understanding of SIEM and SOAR products
- Must be US Citizen
- Interim Top Secret clearance at minimum
About IBSS Corp.
IBSS is a woman-owned business. Since 1992, IBSS has provided specialized professional and technical, scientific, cybersecurity, IT, and software engineering solutions to the Federal sector. Our clients include the National Oceanic and Atmospheric Administration (NOAA), the Department of Defense (DoD), and the Department of Justice (DOJ). We are committed to serving our clients and employees by delivering service excellence, creating value through technology, and continually improving our skills, services, and processes. Moreover, we maintain an ISO 9001:2015 certification, which allows us to apply current industry best practices to enhance delivery outcomes for our clients.
IBSS offers a competitive benefits package including paid vacation; medical, dental, vision, and prescription drug coverage with a company-paid deductible; a matching 401(k) plan; tuition/training reimbursement; and Flexible Spending Account (FSA) and Dependent Care Account (DCA) options.
IBSS is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by applicable law.