Incident Response Analyst

Overview:

Knight Point Systems (KPS), a Service-Disabled Veteran-Owned business, was founded in 2005 to address the IT and infrastructure challenges facing Federal government agencies. Since that time, KPS has established itself as one the fastest growing providers of technology and consulting services across Federal government, State and Local government, and commercial enterprises. Our staff maintain expertise spanning a wide spectrum of IT management, technology, and service solutions. We are repeatedly recognized as a “Best Place to Work” for maintaining an exceptional work environment for our employees. KPS is appraised at Capability Maturity Model Integration (CMMI) Level 3 and holds ISO 20000-1:2011 and ISO 27001:2013 certifications. Through KPS’ Horizon®, our customers are able to consume technology and services traditionally, cloud-enable their data centers on premises through our ‘as a Service’ offerings, or transition services off premises to KPS’ cloud environment.

 

Repeatedly recognized as an elite public sector IT provider, KPS has a well-documented history of dedication to its staff. We have been recognized as an exceptional work place by The Washington Post and Washington Business Journal and were named to Inc. Magazine’s definitive top 100 of America’s Strongest and Most Strategic Growth Firms. These accolades do not come by chance. They are the result of a company that takes stock in the working environment it creates and a corporate approach that is designed to care for, enhance, and appreciate every employee—which invariably translates into more competently-delivered, higher-value services for its clients.

 

KPS is an EEO/AA employer.  KPS is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.  KPS promotes affirmative action for minorities, women, disabled persons, and veterans.

 

Position Summary:

Our company is seeking a candidate to support an IT Security Incident Response program with the Department of Homeland Security. A qualified candidate will have a broad understanding of IT Security, ideally at the enterprise level. This DHS Program performs triage on all security escalations/detections to determine scope, severity, prioritization and, if immediately possible, root cause. Triage will include the safe gathering and assessment of all relevant available/observable event/incident data as evidence, and also includes review of all internal knowledge bases for historical precedent or patterns. In addition, event/incident data (network and host-based) from as many sources as practical will be correlated to confirm and/or validate status as: event of interest (suspicious, but unexplained warranting further investigation), explainable/non-incident (false-positive), or true incident (occurrence with potential or actual adverse effects). Program is responsible for confirming security events associated with US-CERT and DHS HQ incident categories and handle according to the ISB Incident Response SOP and the DHS MD 4300A core document.

Staff will coordinate and work with peer response teams, collaborating security entities, and authorized external agencies to remediate anomalies and events as required.

Responsibilities:

  • Knowledge of, and experience with:
    • Secure network design and operation
    • Security monitoring practices
    • Security-based software applications
    • Security Information and Event Management (SIEM) systems
    • Ticket management system
    • Log management and review practices
    • Security event categorization and severity assignments
    • Security monitoring and incident response integrated work flows
  • Knowledge of industry and government best practices

Success Factors / Job Competencies:

  • Working knowledge of:
    • Splunk
    • MIR
    • Tanium
    • McAfee ePO
    • Forensics tools such as Encase and FTK.
  • Execute the 4Cs (Candor, Competence, Confidence, and Commitment) on a daily basis
  • Providing quality support to the customer

Physical Demands and Work Environment

  • Working with computers and architecture
  • Sitting for lengths of time
  • Operating at peak and non-peak hours

 

Qualifications:

  • A Bachelor’s Degree in an appropriate area
  • At least 5 years IT experience which must include a minimum of two years demonstrated incident handling or SOC experience.
  • The incident response analyst must be able to obtain a clearance.
  • Possess a certification, preferred:
    • Security+ certification or equivalent
    • CEH
    • Incident Handling (GCIH) certification
  • Strong knowledge of, and experience with, incident handling processes and best practices

Source:https://careers-knightpoint.icims.com/jobs/1664/incident-response-analyst/job?mobile=false&width=720&height=500&bga=true&needsRedirect=false&jan1offset=360&jun1offset=360