Education & Experience
Bachelor’s degree or equivalent practical experience in incident response, computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
Four or more years in an incident response role required.
Experience in malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, and leading incident handling preferred.
Experience with programming and scripting languages, preferably Python and PowerShell; scripting and automation for use in SOAR platforms is a plus.
Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
Deep understanding of computer systems and concepts, including operating systems, computer networking, and cloud computing.
Continually updated understanding of and ability to recognize and categorize types of vulnerabilities, exploits, and associated attacks.
Continually updated understanding of and ability to identify, capture, contain, and report malware.
Ability to preserve evidence integrity in keeping with standard operating procedures and/or national standards.
Motivation to continually improve the incident response program and associated policies and procedures.
Identification of opportunities to improve collaboration and communication with internal and external stakeholders to mitigate incidents and follow protocols.
On-call nights and weekends based on response SLA requirements.
Curiosity and tenacity as related to forensic investigations and threat hunting.
Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required
Willingness and experience in supporting people from a variety of backgrounds and areas across the organization
Familiarity with common attacker types and motivations (e.g., nation-state sponsored, ransomware gang, script kiddie, insider threat, etc.).
Familiarity with, and experience working within, security frameworks such as NIST SP 800-61, the attack lifecycle, the SANS Security Controls, MITRE ATT&CK, the Cyber Kill Chain, and the OWASP Top 10.
SANS Security 500 Series training or other industry-standard equivalent recommended but not required.
Certifications
Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA, GIAC, Splunk Core, OSCP, SANS Security 500 Series, or other industry-standard equivalent.
Security Clearance
Public Trust High (Tier 4/BI) Risk Level
Must be a US citizen or Lawful Permanent Resident