Connecting Employers With Military Veterans!

Posted by: Solutions By Design on Sep 20, 2019


Location:

Stennis Space Center, MS

Job Description:

SBD is looking for a Computer Security Incident Response (CSIRT) Analyst to join our team. CSIRT is the primary SOC entity that is assigned the responsibility for coordinating and supporting the response to a cyber security event or incident. The goal of CSIRT is to minimize and control the damage resulting from cyber security incidents, provide effective guidance for response, coordinate recovery activities, and work to prevent future incidents from occurring.

Responsibilities and Requirements:

- Provide remedial recommendations and produce consistent, comprehensive reports on findings.
- Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks.
- Analysis and recommendation of hardware and/or software tools that will assist in traffic analysis.
- Implementation, training, and SOP development and maintenance of implemented solutions.
- In-depth Web log analysis to determine trends, patterns, and suspicious activity.
- Pattern analysis, trend analysis, behavior analysis, and other specialized analysis.
- Reporting results of all analyses to the SOC GWO and PM.
- Coordinate and advise on incident response actions taken by Incident Response Handlers for incidents affecting their areas.
- Assist in providing 24x7x365 monitoring of the customer's SPAM mailbox(es) for suspicious messages submitted by government and contractor personnel.
- Assist in monitoring all SOC mailboxes (not individual user mailbox contents) to detect phishing attacks as well as any suspicious outbound messages.
- Provide weekly, monthly, and quarterly reports of monitoring and analysis activities.
- Respond to email attacks by:
  - Identifying users who may have received malicious messages.
  - Identifying any infections that occurred as a result of the message and initiating a block request to the customer.
  - Alerting affected customer users of malicious email attempts and providing resolution within the time frame established in the current SOP.
- Collaborate with the Focused Operations (FO) team to dissect Targeted Spear Phishing attacks from general mass email attacks.

- Familiarity with the following security applications is desired: Splunk, McAfee EPO, FireEye.
- Must have or be able to obtain at least one of the listed certifications prior to starting: Network+, Security+ or CISSP.
- US Citizenship with an active DoD Top Secret Clearance is required.
- Must be able to obtain an agency-specific Entry on Duty (EOD) clearance.

Solutions By Design II, LLC (SBD) is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age, IWDs, Veteran Status or any other characteristic protected by law (referred to as "protected status").

Pay Rate:

Unspecified

HR. Website URL:

http://sbd2.catsone.com/careers

About Solutions By Design II, LLC

SBD specializes in IT system modernization and support as an application transformation and agile process leader. We leverage open source technologies and cloud-based solutions to reduce operating costs and advance the value proposition of automated solutions. We also have a robust cybersecurity capability optimizing security operation centers through the use of workflow automation, technical expertise, and the use of leading edge security tools. Bottom line, we deliver technically innovative, reliable, and cost-effective solutions, services, and products to our federal customers.