Job Description
Cyber Defense Incident Responder
Knowledge, Skillset, and Abilities (KSAs) – Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs)
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
Coordinate with intelligence analysts to correlate threat assessment data
Perform cyber defense trend analysis and reporting
Coordinate incident response functions
Specific Requirements
Direct Correlation with KSAs
Specific Deliverables
Notify designated managers and cybersecurity service provider team members of suspected security incidents and communicate the event history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
Notes
Technical Field Experience weighted greater than minimum education
Clearance – Q desired, L required
Must be able to work a hybrid weekly schedule both onsite (Amarillo, TX) and remote
Full-time
Hybrid remote