Skip to content
Incident Response Analyst
| Company | Leidos |
|---|
| Location | Arlington, VA, USA |
|---|
| Salary | $104650 – $189175 |
|---|
| Type | Full-Time |
|---|
| Degrees | Bachelor’s |
|---|
| Experience Level | Senior, Expert or higher |
|---|
Requirements
- In-depth knowledge of each phase of the Incident Response life cycle
- Expertise of Operating Systems (Windows/Linux) operations and artifacts
- Understanding of Enterprise Network Architectures to include routing/switching, common protocols (DHCP, DNS, HTTP, etc), and devices (Firewalls, Proxies, Load Balancers, VPN, etc)
- Ability to recognize suspicious activity/events, common attacker TTPs, and perform logical analysis and research to determine root cause and scope of Incidents
- Be familiar with Cyber Kill Chain and have utilized the ATT&CK Framework
- Have scripting experience with Python, PowerShell, and/or Bash
- Ability to independently prioritize and complete multiple tasks with little to no supervision
- Flexible and adaptable self-starter with strong relationship-building skills
- Strong problem-solving abilities with an analytic and qualitative eye for reasoning
- Strong verbal and written communication skills
- Ability to communicate with all levels of audiences (subordinates, peers & leadership)
- Experience in the areas of incident detection and response, malware analysis, or computer forensics
- Bachelors’ degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 8-12 years of related experience
- Should have at least one of the following certifications: SANS GIAC: GCIH, GCIA, GCFA, GPEN GCFE, GREM, CISSP OSCP, OSCE, OSWP
Responsibilities
- Coordinate investigation and response efforts throughout the Incident Response lifecycle
- Correlate and analyze events and data to determine scope of Cyber Incidents
- Acquire and analyze endpoint and network artifacts, volatile memory, malicious files/binaries and scripts
- Recognize attacker tactics, techniques, and procedures as potential indicators of compromise (IOCs) that can be used to improve monitoring, analysis and Incident Response
- Develop, document, and maintain Incident Response process, procedures, workflows, and playbooks
- Tune and maintain security tools (EDR, IDS, SIEM, etc) to reduce false positives and improve SOC detection capabilities
- Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports
- Create metrics and determine Key Performance Indicators to drive maturity of SOC operations
- Develop security content such as scripts, signatures, and alerts
Preferred Qualifications
- Experience in cyber government, and/or federal law enforcement FISMA systems
