Dice is the leading career destination for tech experts at every stage of their careers. Our client, Totally Joined For Achieving Collaborative Techniques (tjfact), LLC, is seeking the following. Apply via Dice today!
About Us:
Totally Joined For Achieving Collaborative Techniques (TJFACT) is a minority-owned, CVE-verified Service Disabled Veteran Owned Small Business (SDVOSB) performance driven professional services government contracting company that provides a broad spectrum of services and solutions to the U.S. government agencies and organizations.
About this Position:
TJFACT is seeking a well-qualified
Incident Response Analyst to support the
Bureau of the Fiscal Service (FS), on behalf of the Office of Financial Research (OFR) in
Washington, DC!
The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types of formats of data authorized to be collected by such member agencies.
The
Incident Response Analyst is an on-call role providing day-to-day incident response across the OFRAE and JADE networks. This includes investigating alerts from the SOC, third party notifications, and other security tools; working with Enterprise System owners to remediate immediate threats and incidents; knowledge capture and investigation tracking documentation to maintain knowledge on the team; monitor and notify of security tool outages and issues; participate in process enhancements through after-action reports, tabletop exercises, and peer consulting as needed.
This role is contingent upon reward.
Major Duties And Responsibilities
- Assess cybersecurity incidents to investigate, validate, respond, and recover the environment, and perform additional activities such as root cause analysis and resilience recommendations. Serve as the primary escalation point for the SOC in the event of an incident.
- Communicate and coordinate with internal and external teams during incidents and breaches. Design, implement, and document IR processes, procedures, playbooks, and guidelines.
- Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
- Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
- Provide relevant, strategic recommendations to help improve the security posture of an organization during and after an incident.
- Analyze emerging threats to improve and maintain the detection and response capabilities of the organization. EDR/IDS/IPS
- NDR/Network
- Identity Provider (IdP) authentication policies Email defense platforms
- Integration of threat intelligence feeds with security policy enforcement points SIEM and XDR detections
- Security orchestration, automation, and response (SOAR) playbook development
- Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threat
- Document specifications, playbooks, and detections - not as an afterthought, but through the whole process Work with developers to build security automation workflows, enrichments, and mitigations.
- Evaluate policies and procedures and recommend updates to management as appropriate
Required Qualifications:
- Ability to maintain a Public Trust High (Tier 4/BI) Risk Level
- Bachelor s degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
- Four (4) or more years in an incident response role required.
- Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling preferred.
- Expertise in at least one blue team capability be it CTI, forensics, malware, etc.
- Programming and scripting languages, preferably Python and PowerShell. Scripting and automation for use in SOAR is a plus.
- Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
- Deep understanding of computer systems and concepts, including operating systems, computer networking, cloud computing.
- Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks.
- Continually updated understanding of and ability to identify, capture, contain, and report malware.
- Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards. Motivation to continually improve the incident response program and associated policies and procedures.
- Identification of opportunities to improve collaboration and communication with internal and external stakeholders to mitigate incidents and follow protocols
- On-Call nights and weekends based on response SLA requires curiosity and tenacity as related to forensic investigations and threat hunting
- Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required
- Willingness and experience in supporting people from a variety of backgrounds and areas across the organization
- Common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.)
- Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10
- Experience in ticketing workflow, EDR and endpoint data investigations, network pcap and netflow investigation, and other security tool alerting workflow and pivoting
- Ability to leverage and work with new capabilities as they are deployed including deception infrastructure, continuous penetration testing, data loss prevention (DLP), and machine learning capabilities
- Ability to advise and build automations and complex playbooks to further improve the response capability of the team. This is a highly technical role that requires a solid understanding of incident response and security practices.
Preferred Qualifications:
- Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent
BENEFITS:
- Medical, Vision and Dental Insurance
- 401-K plus match
- Paid Vacation days
- Paid holidays
- Short Term and Long-Term Disability
- Voluntary Term Life
TJFACT is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran. We reserve the right to modify or revise the job descriptions in part or in its entirety. Reasonable accommodation will be made in accordance with governing law.
