Security Spec - Incident Response
Ref No.: 18-08717
Location: Raleigh, North Carolina
This position will support the Enterprise Security and Risk Management Office (ESRMO) Incident Response team, monitoring networks and systems with various security boundary tools and capabilities for anomalous activity, and triaging and remediating as appropriate.

This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring compliance with Federal and State policies across the Department of Information Technology (DIT) and State agencies. The candidate will support the Enterprise Security and Risk Management Office (ESRMO) Incident Response team, monitoring networks and systems with various security boundary tools and capabilities for anomalous activity, and triaging and remediating as appropriate.

Duties and Responsibilities:
• Support/assist ESRMO with real-time monitoring and triage of incidents received.
• Work collectively with other team members on incident analysis and response, and coordinate with external agencies on resolution of incidents.
• Support efforts on threat hunting; network, host, and malware analysis; sensor tuning; and custom signature creation.
• Support the application of cyber intelligence to improve security operations.
• Perform investigation of networks and hosts/endpoints for malicious activity, including analysis of packet captures.
• Assist in efforts to detect, confirm, contain, remediate, and recover from attacks.
• Assist in the preparation of executive summaries and conduct briefings on significant investigations.
• Ensure adequate metrics and documentation of team operations for leadership and other constituents.
• Participate in other activities relating to security and privacy incident management.

Knowledge, Skills and Abilities / Competencies
• Network investigation experience, including netflow and packet/protocol capture and analysis
• Endpoint/host forensics experience
• SIEM experience
• Strong critical thinking, problem solving, and organizational skills
• Strong teamwork and collaboration skills
• Good written and verbal communication skills
• Ability to pass a security clearance background investigation
• Sound cyber security knowledge foundation, including an understanding of:
    • Adversary TTPs
    • Network technology and common protocols
    • Network security
    • Host security
    • Malware
    • Security tools and sensors
• Ability to work with little to no supervision
• Proven ability to multi-task and work under stress
• Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people
• GCIA, GCIH, CISM, or CEH certification preferred