|Date Posted||March 10, 2019|
Title: Security Analyst – Cyber Incident Response
Location: Chicago, IL
Hours of Support: Shift 1 - 6:00 AM to 2:30 PM
Roles and Responsibilities:
Cyber Incident Responder well-versed in security operations, cyber security tools, intrusion detection, and secured networks. Serve as an expert responsible for providing network and security operations technical analysis, assessment and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring.
Duties and responsibilities may include, but are not limited to:
- Utilize various security tools (e.g., Splunk, Splunk Enterprise Security, Palo Alto Networks, SourceFire, Cisco ASA) to identify potential incidents, network intrusions, and malware events, etc. to ensure confidentiality, integrity, and availability of VA architecture and information systems are protected
- Track investigations in Help Desk systems including Remedy and Service Now
- Utilization of Splunk ES SIEM to respond to incidents detected on the VA network
- Reviewing and analyzing log files to report any unusual or suspect activities
- Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating
- Generating trouble tickets and performing initial validation and triage to determine whether incidents are security events.
- Complete investigations in to identified cyber events and hand over as appropriate
- Following established incident response procedures to ensure proper escalation, analysis and resolution of security incidents
- Develop and maintain Incident Response procedures and Security SOPs.
- Analyzing and correlating incident event data to develop preliminary root cause and corresponding remediation strategy
- Communicate effectively to all customers and stakeholders
- Work with other contract teams to effectively respond to cyber incidents
- Providing technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect the network and High Value Assets
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
- Bachelor’s degree Computer Science, Information Systems Management, Engineer or related field and minimum 2 years of experience. Additional 4 years of experience will be accepted in lieu of the degree.
- 2 years of experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks. Understanding of NIST SP 800-61, US CERT and Office of Management and Budget (OMB) standards. Interpreting and implementing cyber security regulations.
- Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH) or 2 years of additional experience overrides certification requirement.
- Excellent written skills for preparing reports and briefings.
- Excellent analytical and problem solving skills
- Must be able to obtain a Public Trust clearance (Veterans Affairs High Security Investigation)
Candidates with these desired skills will be given preferential consideration:
- Bachelor’s Degree
- Knowledge of VA culture, mission, and IT environment
- Certification in one of the following (Security+, Network+, VA CSP, CISSP, C|EH)
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178