Cyber Security Operations Specialist Tier 3
D2 Consulting · Springfield, VA · 2 mo ago
On-siteEngineeringFull-time
What You’ll Do:
- Incident Response Leadership: Coordinate and execute tasks during cybersecurity incidents, including containment measures, IP/domain blocks, and disabling user accounts under Government direction.
- Collaborative Investigations: Work closely with the Security and Installations Directorate, Insider Threat Office, law enforcement, and counterintelligence personnel to triage and investigate incidents.
- Incident Reporting & Categorization: Produce detailed security incident reports, categorize events, and ensure proper reporting, containment, and eradication of incidents.
- Cross-team Coordination: Ensure seamless coordination across contracts and organizations to de-conflict blue/red team activities and ensure recovery from incidents.
- Documentation & Analysis: Develop timelines, briefings, and documentation to inform stakeholders about incident impacts and response actions. Keep detailed records of actions taken in authorized ticketing systems.
- Custom Tools & Scripting: Develop and execute custom scripts and tools to analyze data and respond to incidents, when authorized by the Government.
- Digital Media & Malware Analysis: Perform in-depth analysis of host, server, and network data, including volatile and non-volatile memory, system artifacts, and malware reverse engineering.
- Adversary Attribution & Signature Development: Identify indicators of compromise and develop signatures to share with cybersecurity stakeholders. Provide detailed adversary attribution to support incident response.
- Continuous Improvement: Collaborate with Tier 1 and 2 teams to remediate discrepancies and provide recommendations to prevent future incidents.
What You’ll Need to Succeed:
- Experience: A Bachelor's Degree or 8+ years of relevant cybersecurity experience, with a strong focus on incident response and digital forensics.
- Security Clearance: Active TS/SCI clearance with the ability to obtain a polygraph.
- Certifications: Must have or be able to obtain certifications as required by DoDD 8140.01 and DoD 8570.01-M IAT Level II and CSSP Incident Responder within six months of start.
- Advanced Cybersecurity Skills: Expertise in malware analysis, digital forensics, and response to cybersecurity incidents, including host, server, and network data analysis.
- Technical Expertise: Proficiency in scripting and automation, with a focus on developing custom tools to enhance incident response capabilities.
- Strong Communication: Ability to work under pressure and clearly communicate complex technical details to both internal teams and external stakeholders.
- Collaboration & Coordination: Experience working as part of a team, coordinating efforts across multiple organizations and government agencies to ensure swift and effective incident response.
- Documentation & Reporting: Skilled at creating detailed incident reports, timelines, and recommendations, with a focus on clear, actionable insights.
Preferred Qualifications:
- Advanced Degree: A Master's degree in Cybersecurity or a related field.
- Higher-Level Certifications: IAT III certification or equivalent expertise in the cybersecurity field.