Tier 2 IR Night Shift in Ashburn VA with Security Clearance - Base One Technologies
Ashburn, VA 20146
About the Job
Tier 2 IR Night Shift
Night Shift Front
Shift schedule: 7pm-7am, Sun-Tues, every other Wednesday.
Primary Responsibilities
• Utilize state of the art technologies such as host forensics tools(FTK/Encase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data.
• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response.
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Lead Incident Response activities and mentor junior SOC staff.
• Work with key stakeholders to implement remediation plans in response to incidents.
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
• Flexible and adaptable self-starter with strong relationship-building skills
• Strong problem solving abilities with an analytic and qualitative eye for reasoning
• Ability to independently prioritize and complete multiple tasks with little to no supervision Basic Qualifications
NEW REQUIREMENT as of 6/27/2022: In addition to uploading the resume, please email us a copy of the candidate’s current certifications (actual certificate) as a way to validate that certs are current and active. • Bachelor’s degree in Science or Engineering Field, IT, or Cybersecurity or related field
• 3+ years of experience be in the areas of incident detection and response, remediation malware analysis, or computer forensics.
• Must have at least one of the following certifications: • SANS GIAC: GCIA, GCFA, GPEN GCFE, GREM, or GCIH ISC2 CCFP, CCSP, CISSP, CERT CSIH EC Council: CHFI, Offensive Security: OSCP, OSCE, OSWP and OSEE Encase: EnCE, DOD 8570: IAT L3, CNDSP Analyst or IR Carnegie Mellon: CSIH
• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell
• Must be a US citizen, no clearance required. Must Have One of the Following J3 Certifications
Tier 2 (Response/DMA):
GCIH – Incident Handler
GCFA – Forensic Analyst
GCFE – Forensic Examiner
GREM – Reverse Engineering Malware
GISF – Security Fundamentals
"GXPN – Exploit Researcher
and Advanced Penetration Tester"
GWEB – Web Application Defender
GNFA – Network Forensic Analyst
OSCP (Certified Professional)
OSCE (Certified Expert)
OSWP (Wireless Professional)
OSEE (Exploitation Expert)
CCFP – Certified Cyber Forensics Professional
"CISSP – Certified
Information Systems Security"
CCNA Security
CCNP Security
CEH – Certified Ethical Hacker
CHFI – Computer Hacking Forensic Investigator
LPT – Licensed Penetration Tester
ECSA – EC-Council Certified Security Analyst
ENSA – EC-Council Network Security Administrator
ECIH – EC-Council Certified Incident Handler
ECSS – EC-Council Certified Security Specialist
ECES – EC-Council Certified Encryption Specialist
EnCE
Windows Forensic Examinations – FTK WFE- FTK
Computer Incident Responders Course - CIRC
Windows Forensic Examination – EnCase – Counter Intelligence (CI) - WFE-E-CI
"Forensics and Intrusions in a Windows Environment -
FIWE" Preferred Qualifications
Experience in Federal Government, DOD or Law Enforcement in CND, IR or SOC role
Cyber Kill Chain Knowledge
Night Shift Front
Shift schedule: 7pm-7am, Sun-Tues, every other Wednesday.
Primary Responsibilities
• Utilize state of the art technologies such as host forensics tools(FTK/Encase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data.
• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response.
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Lead Incident Response activities and mentor junior SOC staff.
• Work with key stakeholders to implement remediation plans in response to incidents.
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
• Flexible and adaptable self-starter with strong relationship-building skills
• Strong problem solving abilities with an analytic and qualitative eye for reasoning
• Ability to independently prioritize and complete multiple tasks with little to no supervision Basic Qualifications
NEW REQUIREMENT as of 6/27/2022: In addition to uploading the resume, please email us a copy of the candidate’s current certifications (actual certificate) as a way to validate that certs are current and active. • Bachelor’s degree in Science or Engineering Field, IT, or Cybersecurity or related field
• 3+ years of experience be in the areas of incident detection and response, remediation malware analysis, or computer forensics.
• Must have at least one of the following certifications: • SANS GIAC: GCIA, GCFA, GPEN GCFE, GREM, or GCIH ISC2 CCFP, CCSP, CISSP, CERT CSIH EC Council: CHFI, Offensive Security: OSCP, OSCE, OSWP and OSEE Encase: EnCE, DOD 8570: IAT L3, CNDSP Analyst or IR Carnegie Mellon: CSIH
• Ability to script in one more of the following computer languages Python, Bash, Visual Basic or Powershell
• Must be a US citizen, no clearance required. Must Have One of the Following J3 Certifications
Tier 2 (Response/DMA):
GCIH – Incident Handler
GCFA – Forensic Analyst
GCFE – Forensic Examiner
GREM – Reverse Engineering Malware
GISF – Security Fundamentals
"GXPN – Exploit Researcher
and Advanced Penetration Tester"
GWEB – Web Application Defender
GNFA – Network Forensic Analyst
OSCP (Certified Professional)
OSCE (Certified Expert)
OSWP (Wireless Professional)
OSEE (Exploitation Expert)
CCFP – Certified Cyber Forensics Professional
"CISSP – Certified
Information Systems Security"
CCNA Security
CCNP Security
CEH – Certified Ethical Hacker
CHFI – Computer Hacking Forensic Investigator
LPT – Licensed Penetration Tester
ECSA – EC-Council Certified Security Analyst
ENSA – EC-Council Network Security Administrator
ECIH – EC-Council Certified Incident Handler
ECSS – EC-Council Certified Security Specialist
ECES – EC-Council Certified Encryption Specialist
EnCE
Windows Forensic Examinations – FTK WFE- FTK
Computer Incident Responders Course - CIRC
Windows Forensic Examination – EnCase – Counter Intelligence (CI) - WFE-E-CI
"Forensics and Intrusions in a Windows Environment -
FIWE" Preferred Qualifications
Experience in Federal Government, DOD or Law Enforcement in CND, IR or SOC role
Cyber Kill Chain Knowledge
Source : Base One Technologies