Mission Statement: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize preservation of data or property, and information security. Investigates and analyzes all relevant response activities.
Contribute to the standup of the incident response division.
Assist the Detection team with incident detection and triage, take over incidents from the Detection team, and complete all response actions.
Work with Program Office Divisions (and other units as needed) to remediate incidents, establish the who, what, when, where and why (the 5 Ws) of each incident, and ensure the incident has been rectified and documented appropriately.
Work with the Information Assurance Team, the Security Manager and the Government ISSM to ensure any data spills are handled appropriately. Manage the data spill process, working with external agencies as required to ensure cleanup and mitigation are accomplished within the timeframes set out by the government.
Produce Daily Status updates on all Open Incidents.
Produce AAR for all closed Incidents.
Remotely access machines to remove unauthorized software, and conduct malware eradication.
Coordinate with and provide expert technical support to enterprise-wide computer network defense (CND) technicians to resolve CND incidents
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of CND threat condition and determine which security issues may have an impact on the enterprise
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and Intrusion Detection System [IDS] logs) to identify possible threats to network security
Perform command and control functions in response to incidents
Perform computer network defense (CND) incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation
Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems
Perform real-time computer network defense (CND) incident handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
Track and document computer network defense (CND) incidents from initial detection through final resolution
Write and publish computer network defense (CND) guidance and reports on incident findings to appropriate constituencies
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
Collect intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise
Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
Experience using tools including but not limited to Splunk, HBSS, ACAS and Fidelis, and familiarity with SIEM concepts.
Bachelor's degree in Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience.
For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.