Cybersecurity Incident Manager (L3)

Solutions³ LLC is supporting our prime contractor and their U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution.

Solutions³ LLC is seeking an Incident Manager III to perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services.

• Must be a US Citizen
• Must have an active TS/SCI clearance
• Must be able to obtain DHS Suitability prior to starting employment
• 5+ years of directly relevant experience in cyber incident management or cybersecurity operations

• Correlating incident data to identify specific trends in reported incidents
• Recommending defense in depth principles and practices (i.e., Defense in Multiple Places, layered defenses, security robustness, etc.)
• Performing Computer Network Defense incident triage to include determining scope, urgency, and potential impact
• Researching and compiling known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise
• Applying cybersecurity concepts to the detection and defense of intrusions into small and large-scale IT networks, and conducting cursory analysis of log data
• Monitoring external data sources to maintain currency of Computer Network Defense threat condition and determine which security issues may impact the enterprise
• Identifying the cause of an incident and recognizing key elements to ask external entities when learning the background and potential infection vector of an incident
• Receiving and analyzing network alerts from various sources within the enterprise and determining possible causes of such alerts
• Tracking and documenting Computer Network Defense (CND) incidents from initial detection through final resolution, and working with other organizational components to coordinate information
• Providing support during assigned shifts

• Knowledge of incident response and handling methodologies
• Familiarity with NIST 800-62 (latest revision), and FISMA standards related to incident reporting
• Knowledge of the NCCIC National Cyber Incident Scoring System for incident triage prioritization
• Understanding of attack stages (e.g., footprinting, scanning, enumeration, gaining access, escalation, etc.)
• Skill in recognizing and categorizing vulnerabilities and attacks
• Knowledge of system administration and operating system hardening techniques
• Understanding of different operational threat environments (script kiddies, non-nation-state, nation-state)
• Knowledge of system and application security threats and vulnerabilities (buffer overflow, cross-site scripting, injections, etc.)

• Knowledge of operational threat environments and security threats as listed above

We've received your resume. Click here to update it.

Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or paste resume.

Provide the level of Security Clearance you currently hold.*

Do you understand the job responsibilities and feel you would be successful in executing these tasks? If yes, be prepared to provide examples during an interview or email them in advance.

Do you understand the required job skills and feel you possess those skills? If yes, be prepared to provide examples during an interview and/or email them in advance.

Is the location shown in the Job Description within communicating distance for you? The prime will not accept anyone more than 2 hours from the site location. *

The client requires their own suitability process, which must be completed BEFORE an official start date can be set. This process may take 4-6 weeks. Would this inhibit your application?

If referred by a Solutions³ team member or partner, please indicate here: