Cyber Incident Response Analyst (SME) - Hampton, VA (TS/SCI)

Cyber Incident Response Analyst (SME) - Hampton, VA (TS/SCI)

Seeking a Cyber Incident Response Analyst (SME) that will join the Cyber Security Incident Response Team on the DCGS Management Center (DMC) program located at Langley AFB that is highly motivated with a strong system administration background. The ideal candidate will be adept in both Windows and Linux environments, possess hands-on experience with ELK/Elastic Stack for threat detection and analysis, and demonstrate the ability to follow established Incident Response (IR) process with minimal supervision. The successful candidate will perform the following responsibilities onsite:

1. Lead and assist in incident response investigations through all phases (detection, containment, eradication, recovery, lessons learned) to ensure the confidentiality, integrity, and availability of the OA DCGS weapon system.
2. Utilize ELK/Elastic Stack to perform log analysis, threat detection, and investigations; Create and maintain security incident reports and dashboards.
3. Escalate and document internal/external security incidents through appropriate ticketing and reporting processing
4. Design, implement, and maintain cybersecurity SOPs and incident playbooks
5. Maintain documentation of IR processes and case notes; Ensure security testing and evaluations are completed and properly documented.
6. Support proactive threat hunting and vulnerability assessments
7. Analyze and correlate logs from varied data sources to identify patterns and anomalies
8. Understand network protocols and establish baselines to identify abnormal activity
9. Perform cyber threat analysis and reporting on information from both internal and external sources and appropriately apply gathered cyber threat intelligence to defending the enterprise network.
10. Apply knowledge of Zero-Day vulnerabilities and CVEs to incident handling and remediation
11. Collaborate with cross-functional teams and external stakeholders as needed
12. Provide guidance for securing information systems and support cyber vulnerability penetration assessments.
13. Operate independently during shifts and respond to security alerts with urgency

Qualifications:

• Top Secret/SCI security clearance.
• Bachelor's degree in IT Technology, Computer Science, or related field with 4+ year's of experience. Degree may be substituted with additional years of experience.
• DOD 8140 (8570) IAT Level II (Security+ or equivalent).
• Strong system administration skills across Windows and Linux platforms
• In-depth understanding of the Incident Response lifecycle
• Proficiency in using the Elastic Stack (Elasticsearch, Logstash, Kibana)
• Familiarity with enterprise security tools and procedures
• Strong problem-solving and analytical skills
• Comfortable working with limited supervision in a shift-work setting
• Availability to work weekends and holidays as part of our 24/7 operations

Desired:

• AF DCGS experience.
• Four to seven years of intelligence network communications or Systems Administration experience.
• Knowledge of security best practices and standards, including NIST, ISO, and SOC operations.
• Experience with AWS and/or other cloud security platforms
• Background as an ISSO, including STIG/SCAP and vulnerability management
• Familiarity with tools such as Tanium, Trellix, and ACAS
• Understanding of network architecture and traffic analysis
• Basic scripting skills (Python, PowerShell, Bash)
• Elastic certification or SME-level expertise
• Effective written and verbal communication skills for documentation and collaboration