Cyber Security Incident Response Lead

ASRC   •  

Moffett Field, CA

Industry: Professional, Scientific & Technical Services

  •  

8 - 10 years

Posted 50 days ago

ASRC Federal Research and Technology Solutions (ARTS) has a contract to provide comprehensive IT services to NASA Ames Research Center located in Mountain View, CA.

We are currently seeking a Cyber Security Incident Response Specialist to join our team supporting NASA's Security Operations Center (SOC).  

Responsibilities

  • Conduct highly technical examinations, analysis and reporting of computer based evidence related to security incidents (intrusion artifacts/IOCs) or investigations.
  • Effective and secure handling of digital evidence and matter confidentiality.
  • Perform incident triage and handling by determining scope, urgency and potential impact thereafter identifying the specific vulnerability and recommending actions for expeditious remediation.
  • Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
  • Document incidents from initial detection through final resolution.
  • Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists to correlate threat assessment data.
  • Maintain and expand related information security metrics.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

AFHCM

CityMoffett FieldStateCaliforniaLocationNASA/AMES, MOFFETT FIELD-CA026Requirements

  • Bachelor's degree (B.A/B.S.) or equivalent in computer science, business administration, or equivalent discipline from an accredited college or university.
  • 7-9 years of experience as a computer forensics analyst with demonstrated skills in performing digital investigations including eDiscovery, and an understanding of network forensics (logging, architecture, appliances).
  • Must be a US Citizen with an active Top Secret SCI clearance
  • Knowledge of incident response processes (detection, triage, incident analysis, remediation and reporting).
  • High level of ethical hacker knowledge and understanding of malware/ransomware.
  • Strong knowledge of network protocols, Windows/Linux OS, IOCs and BIOCs
  • Understanding of network and system intrusion and detection methods; examples of related technologies include Splunk, Next Generation Endpoint Protection Platforms (EPP), Security information and event management (SIEM), Endpoint Detection and Response (EDR)
  • Expert knowledge and experience of Microsoft Windows Desktop Operating Systems.
  • Expert Knowledge in VMWARE, KVM and other virtualization technologies.
  • Ability to operate Linux workstations, servers.
  • Ability to build, maintain, and operate a sandbox lab environment.
  • Proven experience with most commonly used forensic toolkits such as FTK, Sift, and Sleuth Kit through the Acquisition, Analysis, and Reporting stages.
  • Proven training and experience in Encase equipment and usage of Write Block Applications.
  • Red Team experience
  • Comfortable analyzing malicious artifacts in a safe manner such as potentially malicious websites, emails and malware
  • Excellent written and verbal communication skills with the ability to express thoughts clearly and accurately, know how to listen, and contribute in a client-facing environment.
  • Strong attention to detail and organizational skills.
  • High Level of Competence with Microsoft Excel for manipulating, sorting, combining, and creating pivot tables.
  • Ability to multitask and work independently with minimal direction and maximum accountability

3057