Bespoke Corps LLC

Cybersecurity Service Provider/Incident Response (CSSP/IR) Analyst

Bespoke Corps LLC, Arlington, Virginia, United States, 22201


Overview

Bespoke Corps, LLC is looking for a qualified candidate to provide on-site support to one of our valued Department of Defense (DoD) customers. We are seeking a CSSP/IR specialist with specific skills in intrusion detection/prevention and cybersecurity tools administration. The specialist will perform full-spectrum CSSP/IR in accordance with DoD and NIST policy and process frameworks, and conduct open and closed source cybersecurity intelligence (fusion) research and analysis. The ideal candidate is self-motivated, thrives in team-based work environments, and has strong verbal and written communication skills. The candidate will demonstrate experience supporting DoD/US Government organizations and agencies. Additionally, the candidate must support rotational weekend and holiday workdays.

Responsibilities

Provide on-site CSSP/IR support to a DoD customer.
Perform full-spectrum CSSP/IR in accordance with DoD and NIST policy and process frameworks.
Conduct open and closed source cybersecurity intelligence research and analysis.
Collaborate within a team-based environment and communicate effectively with stakeholders at all levels.

Demonstrated Experience (Minimum 3 years)

Strong technical skills and a firm and thorough understanding of CSSP/IR tools (e.g., SIEM tools), and the ability to identify new and emerging threats.
Providing detailed triage of CSSP/IR incidents, including implementing intrusion detection and prevention signatures.
Conducting active hunting for network intrusions, involving manual packet capture analysis, DNS log review, and open and closed source intelligence analysis.
Knowledge of Advanced Persistent Threats (APT), network attack patterns, detection techniques, trends, threat actors, and defense strategies.
Creating detailed reports on attack trends and recommended mitigations, suitable for both senior leaders and technical audiences.
Extensive experience creating detailed reports on other cybersecurity-related concerns or events.
Gathering and analyzing Indicators of Compromise (IoCs) from open forums, closed forums, mailing lists, and directed research, and implementing defenses against them.
Ability to collaborate well within a team construct.

Other Skills/Qualifications

Current TS security clearance with current SCI access, or SCI access granted within the past 24 months.
Active CEH certification.
DoD 8570 IAT-II or above professional certification (e.g., Security+, GCIH).
Knowledge of and experience with categorizing CSSP/IR incidents using the CJCSM 6510 incident response categories.
Experience creating and implementing custom YARA, Snort, and ESS rules.
Knowledge of scripting languages such as Python is a plus.

Academic Qualifications

BS in computer science, engineering, mathematics, business, or a related field of study from an accredited institution.

Work Demands and Environment

The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required, sometimes for extended periods, to walk, stand, or sit. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines. The employee must occasionally lift and/or move small or large objects up to 50 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.

Travel

There is no travel expected for this position.

Job Location

Arlington, VA

Weekly Schedule

Monday to Friday, 7:00am-3:00pm (occasional rotational holiday support).

Candidate Type

W-2 candidates are welcome to apply (please include a current version of your resume).