Clearance Jobs
Cyber Security Detect and Response Lead
Responsibilities: Review all cases and create lessons learned documentation for analysts and government agencies to increase awareness. Must have working knowledge of the CJCSM 6510.01B (Cyber Incident Handling Program) Documents plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities Provide regular case review briefs and reports to CSSP government customers. Manage 24/7 operations team of incident responders and Forensics Analysts to include: leave, shift coverage, annual reviews, perform feedback sessions, monitor training requirements, document successes and areas of improvement, high priority case remediation and its reporting requirements to leadership and DODIN when required. Monitor changes to ESM requirements (DOD 8530.01) and improve CSSP Detect and Response processes to ensure compliance every 6 months. Perform or direct changes to SOPs and Work Instructions as needed to ensure they are as up to date as possible and disseminate changes to Teams. Reports daily tasks performed by Detect & Response and Forensics Teams for shift change and provides continuity of effort across shifts. Collect and analyze network and/or host artifacts from a variety of sources to include logs, system images and packet captures to characterize activity, determine root cause, operational impact, and to enable rapid remediation and/or mitigation of cyber threats within the Enterprise Network through the investigation process. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Perform cyber incident triage; to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. Provide expert technical support and perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support subordinate organizations and system owners. Manage and document cyber defense incidents from initial detection through final resolution methods. Maintain an average of at least two new detection use cases per month during each year of contract execution. Detection use cases shall be based on current threats, the MITRE ATT&CK framework, or Government direction. Maintain metadata for all detection use cases to include use case owner, number of false positives identified, number of true positives identified, and average time to execute (based on incident detection monitoring analyst feedback). Analyze all completed incident records and make improvements to related detection use cases. Conduct refinements to correlation rules, filters, signatures, or plays to enhance overall effectiveness by lowering false-positive rates. Track and validate refinement requests and provide metrics on these activities monthly. Assist with developing methods for automating the execution of incident detection use cases that result in false-positive rates below 10%. Provide monthly reports on new automation actions and their results. Demonstrate effectiveness by creating detection use cases that successfully detect Red Team (penetration testing) activity. Utilize the MITRE ATT&CK matrix and other threat frameworks to develop detection use cases. Continually refine these processes with the goal of automating their execution. Provide subject matter expertise in creation, editing, and management of signatures, rules and filters for specialized network defense systems including but not limited to network and ESS IDS, IPS, firewall, web application firewall, proxy and SIEM systems. Analyze SIEM views daily to ensure views support detection and response operations. Modify SIEM views to eliminate false-positive or unnecessary alerts. Required Qualifications: Minimum of a Top-Secret Clearance. DOD 8570 IAT III and CSSP Analyst Certification BS 8-10 Years, MS 6-8, PhD 3-5 Experience with cyber security architecture principles that achieve cybersecurity framework goals. Work schedule: Monday-Friday, Day Shift 0800-1600. May be requested to work evenings and weekends to meet program and contract needs. 20% travel might be required to DTRA's Alternate Locations Overview: We are seeking a Cyber Security Detect and Response Lead to support our Prime Contract with the Defense Threat Reduction Agency at Fort Belvoir. This position requires an active Top-Secret Clearance and a DOD IAT level II and CSSP Analyst Support certification is required. TekSynap is a fast growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. "Technology moving at the speed of thought" embodies these principles - the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers. We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.
Responsibilities: Review all cases and create lessons learned documentation for analysts and government agencies to increase awareness. Must have working knowledge of the CJCSM 6510.01B (Cyber Incident Handling Program) Documents plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities Provide regular case review briefs and reports to CSSP government customers. Manage 24/7 operations team of incident responders and Forensics Analysts to include: leave, shift coverage, annual reviews, perform feedback sessions, monitor training requirements, document successes and areas of improvement, high priority case remediation and its reporting requirements to leadership and DODIN when required. Monitor changes to ESM requirements (DOD 8530.01) and improve CSSP Detect and Response processes to ensure compliance every 6 months. Perform or direct changes to SOPs and Work Instructions as needed to ensure they are as up to date as possible and disseminate changes to Teams. Reports daily tasks performed by Detect & Response and Forensics Teams for shift change and provides continuity of effort across shifts. Collect and analyze network and/or host artifacts from a variety of sources to include logs, system images and packet captures to characterize activity, determine root cause, operational impact, and to enable rapid remediation and/or mitigation of cyber threats within the Enterprise Network through the investigation process. Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Perform cyber incident triage; to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. Provide expert technical support and perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support subordinate organizations and system owners. Manage and document cyber defense incidents from initial detection through final resolution methods. Maintain an average of at least two new detection use cases per month during each year of contract execution. Detection use cases shall be based on current threats, the MITRE ATT&CK framework, or Government direction. Maintain metadata for all detection use cases to include use case owner, number of false positives identified, number of true positives identified, and average time to execute (based on incident detection monitoring analyst feedback). Analyze all completed incident records and make improvements to related detection use cases. Conduct refinements to correlation rules, filters, signatures, or plays to enhance overall effectiveness by lowering false-positive rates. Track and validate refinement requests and provide metrics on these activities monthly. Assist with developing methods for automating the execution of incident detection use cases that result in false-positive rates below 10%. Provide monthly reports on new automation actions and their results. Demonstrate effectiveness by creating detection use cases that successfully detect Red Team (penetration testing) activity. Utilize the MITRE ATT&CK matrix and other threat frameworks to develop detection use cases. Continually refine these processes with the goal of automating their execution. Provide subject matter expertise in creation, editing, and management of signatures, rules and filters for specialized network defense systems including but not limited to network and ESS IDS, IPS, firewall, web application firewall, proxy and SIEM systems. Analyze SIEM views daily to ensure views support detection and response operations. Modify SIEM views to eliminate false-positive or unnecessary alerts. Required Qualifications: Minimum of a Top-Secret Clearance. DOD 8570 IAT III and CSSP Analyst Certification BS 8-10 Years, MS 6-8, PhD 3-5 Experience with cyber security architecture principles that achieve cybersecurity framework goals. Work schedule: Monday-Friday, Day Shift 0800-1600. May be requested to work evenings and weekends to meet program and contract needs. 20% travel might be required to DTRA's Alternate Locations Overview: We are seeking a Cyber Security Detect and Response Lead to support our Prime Contract with the Defense Threat Reduction Agency at Fort Belvoir. This position requires an active Top-Secret Clearance and a DOD IAT level II and CSSP Analyst Support certification is required. TekSynap is a fast growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. "Technology moving at the speed of thought" embodies these principles - the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers. We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.