JobHire
face icon
Register to automatically apply for this and similar jobs
Register
star

Cyber Defense Incident Responder (CDIR) / Mostly Remote

Global Engineering & Technology, Inc. (GET)

Oak Ridge, tennessee


Job Details

Full-time


Full Job Description

THIS POSITION IS MOSTLY REMOTE - In its majority, work will be performed remotely from the employee's place of residence. Pre-planned travel to Oak Ridge, Tennessee, will be required twice per quarter (generally 5-day trips, Sunday through Thursday).

Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Defense Incident Responder (CDIR) to join our cybersecurity team supporting a national security site belonging to the United States Department of Energy (DOE). This is a highly compensated, high-responsibility technical guidance position that is central to our mission's success. This is a full-time position as a GET employee with paid leave and benefits.

Pre-planned travel to Oak Ridge, Tennessee, will be required twice per quarter (generally 5-day trips, Sunday through Thursday).

The CDIR uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. The CDIR notifies designated managers and cybersecurity service provider team members of suspected security incidents and communicates the event's history, status, and potential impact for further action, in accordance with the organization's cyber incident response plan.

THE CDIR SHALL:

  • Coordinate and provide senior-level technical support to enterprise-wide cyber defense analysts to resolve cyber defense Incidents
  • Determine the scope, urgency, and impact of cyber defense incidents
  • Coordinate incident response functions and recommend incident remediation strategies
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
  • Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Track and document cyber defense incidents from initial detection through final resolution
  • Coordinate with intelligence analysts to correlate threat assessment data
  • Perform cyber defense trend analysis and reporting

Requirements

Security Clearance:

This position requires a current DOE "Q" or DoD, DHS, or IC "Top Secret" security clearance.

Required education and experience:

  • Pertinent certifications and military training will be considered toward degree and experience requirement
  • Associate's degree in a technical field and 10 years of recent hands-on cyber defense incident response experience
  • Bachelor's degree in a technical field and 5 years of recent hands-on cyber defense incident response experience

Required knowledge (as demonstrated by technical expertise and certification):

  • Computer networking concepts and protocols, and network security methodologies
  • Cyber threats and vulnerabilities
  • Authentication, authorization, and access control methods
  • Cyber defense and vulnerability assessment tools and their capabilities
  • Host/network access control mechanisms (e.g., access control list, capabilities lists)
  • Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
  • Incident response and handling methodologies
  • Intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
  • Network access, identity, and access management
  • Network traffic analysis methods
  • Operating systems
  • System and application security threats and vulnerabilities
  • Virtual Private Network (VPN) security
  • What constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
  • Insider Threat investigations, reporting, investigative tools and laws/regulations
  • Adversarial tactics, techniques, and procedures
  • Network tools (e.g., ping, traceroute, nslookup)
  • The common attack vectors on the network layer
  • Signature implementation impact for viruses, malware, and attacks
  • Windows/Unix ports and services
  • The use of sub-netting tools
  • Operating system command-line tools
  • Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
  • Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Required skills (as demonstrated by technical expertise and certification):

  • Developing and deploying signatures
  • Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
  • Using incident handling methodologies
  • Recognizing and categorizing types of vulnerabilities and associated attacks
  • Reading and interpreting signatures
  • Performing packet-level analysis
  • Ability to analyze malware
  • Conduct vulnerability scans and recognize vulnerabilities in security systems
  • Accurately and completely source all data used in intelligence, assessment and/or planning products
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Apply techniques for detecting host and network-based intrusions using intrusion detection technologies
  • Interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute)
  • Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner

Benefits

We provide exceptional benefits to our full-time employees (spouse/family coverage option also available at a company-subsidized rate).

Benefits include:

  • Medical plan options with UnitedHealthcare
  • Dental Insurance
  • Long-term and Short-term Disability Insurance
  • Life Insurance
  • AD&D Insurance
  • Generous 401(k) match

All benefits are effective on day one of employment.
Global Engineering & Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.

Get 10x more interviews and get hired faster.

JobHire.AI is the first-ever AI-powered job search automation platformthat finds and applies to relevant job openings until you're hired.

Registration