This position is CONTINGENT upon contract award. Our recruiting
team will follow up with you on your application. Our hiring team
will not start the interview evaluation process until award.
Incident Responders must be able to perform the tasks and meet
the skills, knowledge and abilities as described in NIST Special
Publication 800-181 National Initiative for Cybersecurity Education
(NICE) Cybersecurity Workforce Framework for the role of Cyber
Defense Incident Responder (Work Role ID: PR-CIR-001).
Typical duties include:
- Analyze and define security requirements for Multilevel
Security (MLS) issues.
- Design, develop, engineer, and implement solutions to MLS
- Gather and organize technical information about an
organization's mission goals and needs, existing security products,
and ongoing programs in the MLS arena.
- Perform risk analyses, which also include risk assessment.
- Provide Tier 2 level incident response support by using a
variety of tools to investigate incidents and taking immediate
action or recommending a course of action to safeguard the
- Provide incident triage and response support to court units or
AO program office Incident Response Teams.
- Investigate and document incidents from end to end and identify
correlating information to determine incident impact, area of
effect, and mitigation requirements for the local court unit and
the client overall.
- Accurately review, annotate, and resolve security incidents
tasked by the Intrusion Detection Team, Watch Officer, SOC
management or other SOC teams.
- Conduct Incident Triage to prioritize newly identified security
incidents for follow-on action.
- Provide clear and actionable event notifications to
- Coordinate and provide direct support to local incident
responders at the circuit, local court unit and program office
- Document all communications and actions taken in response to
assigned incidents in the SOC ticketing system.
- Perform appropriate event escalation for events, notifications,
and non-responsiveness from customers.
- Continuously review and update the Incident Handlers (IH) Guide
and provide recommendations to annual updates for the SOC IR
- Bachelor's or comparative experience
- Must have at least one (1) certification in the field of
information security from a respectable security organization.
Desirable certifications include, but are not limited to: GCIH, GCIA,
GCFE, GREM, GCFA, GSEC, Security+, CEH, CISSP, CCNA (Security) or
- Minimum of 4 years of IT with at least 3 years of information
security operations center or incident response experience
Work will be performed inside a large facility. An inside
environment may be a cubicle (considerations: close quarters, low
to moderate noise, bright or dim lighting).
Work assignments vary based on client requirements.
Work may include travel with the military to participate in
exercises in austere conditions
Outside work may include various environmental conditions
including hot, dusty, cold, icy and windy climates.
Sitting at desk. Phone use and PC or laptop. Filing required.
May require lifting and carrying boxes of supplies or files up to
25 lbs. Extended periods of sitting while on PC/laptop or
Equipment and Machines
General office equipment, which includes: telephone, fax
machine, copier, PC/laptop, and other miscellaneous office
May require operating motor vehicles.
Regular attendance in accordance with established work schedule
It is important to be able to work any shift/designated hours
You may be asked to continue performance in support of a war,
contingency, or exercise
You may be asked to continue performance during inclement
weather or other conditions when others are not permitted to
Position may require night and weekend work and could include
travel with the military to participate in operations/exercises
located in areas with field conditions
Continental and overseas travel may be required. It is important
to maintain a current passport.
Other Essential Functions
Employment is contingent upon obtaining all required
certifications within the timeframe specified in a waiver by the
government (if applicable) and maintaining required certifications
through the duration of the contract. Failure to obtain/maintain
required certifications will result in disqualification for this
position and could result in termination.
Candidate must exhibit professional behavior that promotes
teamwork, fosters cooperation, and enhances productivity in the
workplace. Must be well organized with the ability to coordinate,
prioritize and execute multiple tasks simultaneously in a
high-pressure environment. Ability to communicate verbally and in
writing to work effectively with a variety of government, military
and contractor personnel at all levels.
Candidate must be able to interface effectively with individuals
at all levels of the organization.
Grooming and dress usually business casual, but dependent on
client's standards. Must not pose a safety hazard to employees
working in the same general area.
The position for which you are applying requires a US
government security clearance. This is to advise you that, should
you be extended an offer, if you possess a dual citizenship (i.e.,
citizen of the US and another country), to be granted a clearance
you will be required to relinquish your citizenship in the foreign
country.