Incident Response Analyst - Agile Defense

• Investigating, tracking, and documenting IT security incidents using the SOC’s standard incident response management tools.
• Daily and hourly monitoring of the SOC’s incident reporting email box. 
• Conducting and leading IR team activities in response to security incidents. Activities include but to limited to ensuring completion of the incident from detection thru closure, leading IR meetings and analysis with other SI units, providing situational awareness information to SI units, correlating multiple alert and incidents to determine widespread attacks, and providing incident status reports to SI management and other stakeholders.
• Maintaining and updating the incident management tool to reflect the SOC’s IR procedures.
• Performing in-depth analysis and forensics, analyzing incident data, recommending solutions, coordinating response activities, and preparing reports for management.
• Working with stakeholders during incidents to mitigate the incident and improve the security posture to reduce the likelihood of an incident occurring.
• Responding to and investigating security alerts to identify potential incidents, and performing actions to contain incidents in progress.
• Reporting incidents to appropriate external entities and coordinating with OIG investigators, US-CERT, and law enforcement as appropriate based on SI policies.
• Creating and maintaining applicable IR plans and procedures.
• Developing IR training and exercise materials.
• Coordinating and conducting periodic IR training sessions and exercises.
• Creating and reporting metrics on the effectiveness of the IR procedures.
• Developing and maintain a Threat Intelligence Program. 
• Monitoring and analyzing logs and alerts from a variety of different systems and tools across multiple platforms in order to respond and report suspected or actual security breaches.
• Monitoring security systems and events to detect and investigate threats, identifying and analyzing traffic trends, assessing the impact of security alerts and traffic anomalies on the Smithsonian network in order to make appropriate recommendations.
• Advising system owners and administrators on improving techniques for detecting and logging potential incidents. 
• Developing procedures for use, interpretation, and response to the monitoring and alert information collected. 
• Designing, implementing and maintaining a forensics lab.
• Collecting, preserving, and interpreting electronic evidence related to incident investigations.
• Supporting information gathering and preparing responses to various data calls and assessment conducted by various external organizations to include but not limited to Office of Management and Budget (OMB), Department of Homeland Security (DHS), and U.S. Government Accountability Office (U.S. GAO).
• Coordinating with internal Smithsonian organization.

• Minimum of 5 years of incident response experience.

• Previously supported a security operations center and lead or perform IT security incident response activities.
• Proven analytical skills to assess and respond to various IT security incidents.
• Broad technical background with a strong understanding of network architectures and communications, operating systems (e.g. Microsoft and Linux), web platforms, and databases in order to respond to incidents and determine incident roots causes.

• Familiar with various forensic tools such as EnCase or FTK.
• Familiar with NIST and DHS US-CERT incident response requirements and guidelines.
• Experienced with creating and managing Splunk dashboards for event monitoring.
• Experienced with log and event correlation tools specifically Splunk) Enterprise and Enterprise Security and able to perform queries and reviews of alert information to determine possible security incidents.

• Ability to work independently and with other teams.
• Excellent writing, interpersonal and communication skills 
• Ability to communicate effectively with the team on assigned tasks, expectations, and schedules. 
• Organized; time management skills to forecast and stay ahead of deliverables/reporting requirements.
• Detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.
• Excellent Customer Focus/Satisfaction skills 
• Strong/Natural understanding of and ability to demonstrate the Agile Defense Core Values: Happy, Helpful, Honest, Humble, Hungry, Hustle 
• Ability to manage multiple concurrent projects, solid writing skills, good analytical/problem-solving ability

• Contractor site with 0%-10% travel possible.
• Possible off-hours work to support releases and outages. General office environment.
• Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time.
• The working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc.
• Work is generally performed within an office environment, with standard office equipment available.

About Us!

Agile Defense is an Information Technology Solutions provider committed to partnering with our customers to deliver the highest level of service to our customers. We provided Information Technology (IT) services to the U.S. Government, including several United States Civil agencies and various branches within the U.S. Department of Defense.

Agile Defense has established a solid reputation of partnering with our customers to deliver innovative IT solutions with our “Listen. Think. Innovate.” philosophy.

At Agile Defense, we know that our employees are our most important asset.  We believe in our responsibility to our fellow employees, customers, company, and to our country.  We promote teamwork, integrity, and creativity; we expect our fellow employees to also live these values.