Watch Incident Response Analyst
- Charleston, SC
AbleVets, A Cerner Company, provides healthcare information technology services and resources to help the VA and DoD improve the lives of the people they serve. AbleVets has an opportunity for an experienced Watch Incident Response Analyst to support information technology projects for our customers. The position will be based on site at our customer’s facility in Charleston, SC.
The Watch Incident Response Analyst will identify, isolate, investigate, inform, and implement measures to detect and protect data across a wide spectrum of sources and locations. The candidate is required to validate suspicious events or reports and determine if the event constitutes an incident. The candidate will ensure incidents are properly entered into the appropriate reporting system and determine the severity of the incident. Duties and responsibilities include, but are not limited to:
- Maintain familiarity with CJCSM 6510.01B
- Compile and maintain internal standard operating procedure (SOP) documentation
- Ensure associated documentation and capabilities remain compliant with CJCSM 6510.01B and other applicable policy directives
- Provide network intrusion detection and monitoring, correlation analysis, incident response and support for the customer and its subscriber sites
- Validate suspicious events or reports and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems
- Coordinate with JFHQ-DoDIN and supported entities regarding significant incidents to ensure proper analysis is performed and timely and accurate reporting of the incident is completed.
- Provide 24x7 support for the Incident Response capability during non-core business hours consistent with facility requirements as needed.
- Perform network and host-based digital forensics on Microsoft Windows-based systems and other operating systems as necessary to enhance response to, support of, and investigation into significant network incidents
- Possess working knowledge of full packet capture (PCAP) analysis and accompanying tools (Wireshark, etc.).
- Explore patterns in network and system activity via log correlation using Splunk and supplemental tools
- Possess understanding of IDS/IPS solutions to include signature development and implementation
- Participate in program reviews, product evaluations, and onsite certification evaluations.
- Authorized to view alerts for IDS/IPS
- Authorized to view Audit Records on Central Log Server
- Bachelor's degree and zero (0) years of experience. An additional three (3) years of relevant experience may be substituted for degree requirement
- DoD Secret Clearance with the ability to obtain a DoD Top Secret/SCI Clearance
- Must be able to obtain the following within 90 days of employment:
- DoDD 8140 CSSP Incident Responder or Analyst Category certification
- DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
- Knowledge of Incident Response Procedures
- Knowledge of Packet Analysis
- Knowledge of IDS/IPS solutions
- Familiarity with various Host-Based Tools
- Experience with Log Aggregation Tools
- Logical thinking and analytical ability
- Verbal and written communication ability
- Limited travel may be required, up to 10%
- Ability to work overtime as needed to support incident response actions
- Must be able to work in a 24/7/365 environment with shift work
- Bachelor's or graduate degree from an accredited university/technical college in Cybersecurity, Computer Science, Information Systems, or other related scientific or technical discipline
- Knowledge of CJCSM 6510.01B
- Experience with Digital Forensics
- The ability to solve problems independently
AbleVets LLC appreciates your interest in our company as a place of employment. We are proud to be an equal opportunity/affirmative action employer and are committed to hiring and retaining a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability, veteran status, or any other protected class. AbleVets is a VEVRAA Federal Contractor.