Cybersecurity Incident Response Analyst

Core4ce Careers

Stuttgart

On-site

EUR 50,000 - 90,000

Full-time

21 days ago

Summary

An established industry player is seeking an Operations Watch Analyst to join their cybersecurity team. This pivotal role involves monitoring, analyzing, and responding to security incidents while ensuring compliance with critical directives. The ideal candidate will have a strong background in incident response and digital forensics, utilizing tools like Wireshark and Splunk to conduct thorough investigations. With a focus on maintaining high standards of cybersecurity, this position offers a dynamic work environment where your expertise will directly contribute to the safety and security of data across various platforms. If you are passionate about cybersecurity and ready to make a significant impact, this opportunity is for you.

Qualifications

  • U.S. citizenship and Secret Clearance required.
  • Must possess IAT Level II and CSSP Compliant Certifications.

Tasks

  • Monitor and analyze security incidents across various data sources.
  • Develop internal SOPs related to cybersecurity operations.
  • Conduct digital forensics on network and host systems.

Skills

Incident Response
Digital Forensics
Network Intrusion Detection
Analytical Skills
Problem-Solving Skills
Effective Communication

Education

Bachelor’s degree in a relevant field
Three years of relevant experience

Tools

Wireshark
Splunk

Job description

The Operations Watch Analyst is responsible for monitoring, analyzing, and responding to security incidents across various data sources and environments. This role involves validating and categorizing incidents, ensuring they are accurately reported according to the Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B, and implementing appropriate response measures.

Responsibilities

  1. Maintain and understand the directives of CJCSM 6510.01B.
  2. Develop and manage internal standard operating procedures (SOPs) related to cybersecurity operations.
  3. Ensure documentation and cybersecurity measures comply with CJCSM 6510.01B and other related policies.
  4. Conduct network intrusion detection, monitor systems, and perform correlation analysis to support the Cybersecurity Service Provider (CSSP) and its clients.
  5. Analyze suspicious events to confirm security incidents and document them in required systems.
  6. Coordinate with Joint Force Headquarters DoD Information Network (JFHQ-DoDIN) and other entities to ensure thorough incident analysis and reporting.
  7. Provide round-the-clock support for incident responses as required by CSSP, including outside of core business hours.
  8. Conduct digital forensics on network and host systems, particularly Microsoft Windows, to support significant incident investigations.
  9. Utilize tools such as Wireshark for full packet capture analysis and employ log correlation techniques using Splunk and other tools.
  10. Engage in signature development for IDS/IPS solutions and participate in security evaluations and certifications.

Requirements

  1. U.S. citizenship.
  2. Secret Clearance; must be eligible for TS/SCI.
  3. Bachelor’s degree in a relevant field or three years of relevant experience, preferably in a DoD setting.
  4. Willingness to travel up to 15% internationally; emergency travel may be required on 72-hour notice.
  5. Must possess IAT Level II and CSSP Compliant Certifications.

Preferred

  1. Over three years of experience in incident response.
  2. Independent problem-solving skills.
  3. Comprehensive knowledge of incident response procedures and packet analysis.
  4. Proficiency in IDS/IPS, host-based tools, and log aggregation technologies.
  5. Strong analytical abilities and effective communication skills.

Additional Information:

  1. Due to operational needs, candidates should be flexible regarding shift assignments as they are subject to change based on organizational requirements.
  2. Work shifts include four ten-hour days weekly, which may include weekends (e.g., Wednesday to Saturday or Sunday to Wednesday).

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
