
SANS ISC: InfoSec Jobs

Cyber Incident Manager II
Company: NAIS
Location: Arlington, VA
Preferred GIAC Certifications: GCIA, SEC508
Travel: 5%
Salary: $55K-$70K
URL: https://nais-llc.com/careers/
Contact Name: Josh Carlisle
Contact Email: joshua.carlisle/at/nais-llc.com
Expires: 2020-10-31

Job Description

Incident Manager (Level II)

These positions will be in support of the National Cybersecurity & Communications Integration Center’s (NCCIC’s) Hunt and Incident Response Team (HIRT) under the Department of Homeland Security (DHS).

Core Competencies:

Knowledge of incident response and handling methodologies
Knowledge of the NCCIC National Cyber Incident Scoring System, to be able to prioritize the triaging of incidents
Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
Skill in recognizing and categorizing types of vulnerabilities and associated attacks
Knowledge of basic system administration and operating system hardening techniques
Knowledge of Computer Network Defense policies, procedures, and regulations
Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)
Level II (Possess GCIH and completion of SANS SEC508) (4-6 years incident management experience or cybersecurity operations experience with a High school diploma; or a Bachelor’s degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity, or related discipline, and with 2-4 years of incident management or cybersecurity operations experience). Proficiency at level II includes all skills defined at level I in addition to the following:

Research and compile known resolution steps or workarounds to enable mitigation of potential Computer Network Defense incidents within the enterprise
Apply knowledge of the tactics, techniques, and procedures of various criminal, insider, hacktivist, and nation state threat actors to identify and validate threats
Apply cybersecurity concepts to the detection and defense of intrusions into small- and large-scale IT networks
Conduct cursory analysis of log data
Level III (Possess GCIH and completion of SANS SEC508. Also possess GCIA, GCFA, or GNFA) (7-9 years incident management experience or cybersecurity operations experience with a High school diploma; or a Bachelor’s degree from an accredited college or university in Incident Management, Operations Management, Cybersecurity, or related discipline, and with 5-7 years of incident management or cybersecurity operations experience). Proficiency at level III includes all skills defined at level II in addition to the following:

Correlate incident data to identify specific trends in reported incidents
Recommend defense in depth principles and practices (i.e. Defense in Multiple Places, layered defenses, security robustness, etc.)
Perform Computer Network Defense incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations that enable expeditious remediation
Have close familiarity with NIST 800-62 (latest revision) and FISMA standards as they pertain to reporting incidents
Job Type: Full-time

Pay: $55,000.00 - $70,000.00 per year