Cybersecurity Incident Response
NOTE: In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document upon hire (USCIS FORM I-9).
GuardSight does not currently offer visa sponsorship.
All applicants must pass a background check.
Job Purpose: Respond to urgent or crisis situations within client networks to effectively mitigate threats through preparedness, response and recovery approaches, as needed, to maximize preservation of property and information; investigate and analyze all relevant response activities.
- Participate in, and drive, security incident response investigations to resolve CND incidents
- Perform forensically sound collection of intrusion artifacts (e.g., source code, malware, and trojans), and use discovered data to enable mitigation of potential threats within client networks
- Collect, track, and document computer network defense (CND) incidents from initial detection through final resolution
- Monitor external data sources (e.g., CND vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise
- Perform analysis of log files from various sources (e.g., host logs, proxy logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify threats
- Perform CND incident triage, determining scope, urgency, and potential impact; identifying vulnerability; and making recommendations that enable fast remediation
- Perform command and control functions in response to incidents
- Perform real-time CND incident handling (e.g., intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Perform forensically sound collection of images and inspect to discern possible mitigation/remediation within enterprise systems
- Receive and analyze network alerts from various sources and determine possible cause
- Write and publish CND guidance and reports on incident findings to appropriate constituencies
- Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
- Serve as technical expert and liaison to law enforcement personnel, explaining incident details as required
- Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), directory services (e.g., Domain Name System [DNS]), and how they interact to provide network communication
- Knowledge of CND policies, procedures, and regulations
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution)
- Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies
- Knowledge of incident response and handling methodologies (e.g. incident categories, incident responses, and timelines for responses) and security event correlation tools
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and SQL injection, race conditions, covert channels, replay, return-oriented attacks, malicious code)
- Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
- Skill in handling malware and protecting a network against potential threats via use of malware analysis concepts and methodology
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Knowledge of packet analysis and network traffic analysis
- Skill in securing network communications
- Skill in performing damage assessments
- Skill in preserving evidence integrity according to standard operating procedure or national standards
- Knowledge of basic system administration, network, and operating system hardening techniques
- Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools
General Skills / Qualifications:
- Strong written and oral communication skills
- Strong interpersonal communication skills
- Ability to follow instructions
- Ability to work as part of a team
- Ability to work independently
- Must have a 'warrior mentality'
Security Analyst I Skills / Qualifications:
- Bachelor’s degree and two years of IT / information security experience; one year of additional IT / information security experience may be substituted for each year of degree-level education
- CISSP or SANS or equivalent information security certification required
- Additional minimum of one IT and / or information security discipline certification desired
Security Analyst II Skills / Qualifications:
- Bachelor’s degree and four years of IT / information security experience; two years of additional IT / information security experience may be substituted for each year of degree-level education
- CISSP certification required
- Additional minimum of one IT / information security discipline certification required
To be discussed