Intermedia group has the following open position with our client:
Title: Incident Response Analyst
Location: Camp Arifjan, Kuwait
Clearance: Top Secret / SCI
Required Certification(s): IAT III certification; applicable DOD 8570 CNDSP Incident Responder certification
CANDIDATES MUST POSSESS A CURRENT AND VALID KUWAIT WORK AUTHORIZATION
This contract effort provides non-personal defensive cyberspace operations support to the Defensive Cyberspace Operations Division (DCOD), U.S. Army Regional Cyber Center – Southwest Asia (USARCC-SWA). The DCOD environment includes any hardware, software, application, tool, system, or network used by the Government, whether developed, leased, or commercially purchased. Work includes current and new systems at various lifecycle stages, and any future applications/systems not currently identified. DCO services are required to defend against unauthorized activity on all Army assets residing on the NIPRNet, SIPRNet, CENTRIXS, JWICS, and any authorized CENTCOM Coalition computer network. This includes activity from external hackers who may attempt to gain unauthorized access, insider threat attempts at unauthorized access, and policy violations that may impact network security and operations. Work is required to continue performance during peace, crisis, hostilities, and war operations.
- Capture and perform initial analysis on captured volatile data, log data, captured network traffic data, etc. to identify any immediate intrusion related artifacts which in turn will allow immediate defensive countermeasures to be implemented.
- Develop necessary procedures or scripts to identify such data. Immediately upon capture of volatile data and/or power down of each individual system, in conjunction with Army Cyberspace Operations and Integration Center/Forensic Malware Analysis/Regional Cyber Center (ACOIC|FMA|RCC) request, coordinate the shipment of original forensic evidence (hard drive, USB drive, etc.) to ACOIC G33 DCO FMA for forensic imaging. Individual files identified or suspected of being malicious will be sent by e-mail in one of several formats to the G33 DCO FMA distribution list, who will in turn analyze the files by automated malicious code analysis and/or by static analysis/dynamic analysis/reverse engineering performed by G33 DCO FMA malware analysts.
- Work and interact with other DCO professionals internal and external to Army Cyber Command, with Law Enforcement and Counterintelligence LNOs, and with intelligence professionals as a technical specialist to understand higher-level adversary capability.
- Document, update and enhance processes and procedures by producing training materials, standards documents and reports.
Education and Certifications:
Background Needed and Years of Experience:
- Bachelor's degree with appropriate IAT III certification and associated continuing education certification.
- Experience in packet capture and analysis
- Requires applicable DOD 8570 CNDSP Incident Responder certification
Must Have Technical Skills:
- 5+ Years of Experience with a solid background in Defensive Cyber Operations
- Possess in-depth knowledge, experience, and certifications with any commercial computer incident triage tools including: CCIU LogCollector, EnCase Enterprise / Cybersecurity, AccessData eDiscovery, Mandiant Redline, Tanium, etc.
- Experience in one or more of the following technologies: ArcSight Logger, CCIU LogCollector, EnCase Enterprise, Tanium, packet capture with Security Onion or NetScout.
Preferred Technical Skills:
- Full working knowledge and experience with all Windows OS platforms including: Windows 7/8/10, Server 2K3/2K8/2012/2016, etc.
- Full working knowledge and experience with varying flavors of Unix/Linux platforms and Apple-based operating systems.
- Content development experience on ArcSight ESM and SourceFire
If you are interested, please contact:
Director of Business Development – Government Solutions
INTERMEDIA GROUP, INC.