Incident Responder

Job Title:

Incident Responder

Job Category:
Information Technology

Time Type:
Full time

Minimum Clearance Required to Start: TS/SCI

Employee Type:
Regular

Percentage of

Travel Required:

Up to 10%

Type of Travel:
Local

* *
* *
* The Opportunity:

*
* CACI is seeking a skilled and experienced Incident Responder (Level
2) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will have extensive experience in Computer Network Defense (CND), incident triage, incident reporting, and incident response and investigation. This role requires a proactive individual with strong analytical skills, excellent communication abilities, and a deep understanding of IT systems and networks. The Incident Responder will be responsible for managing the full incident lifecycle, from detection and analysis to containment, remediation, and recovery.

** Responsibilities:*
* + Incident Management:

+ Manage the full incident lifecycle, including detection, analysis, containment, remediation, and recovery.

+ Triage, report, and respond to security incidents in a timely manner.

+ Conduct incident and intrusion trend analysis to identify patterns and potential threats.

+ Documentation and Reporting:

+ Document incidents clearly and concisely, ensuring all relevant information is captured for future analysis and legal or compliance purposes.

+ Prepare and present detailed incident reports and briefings to stakeholders.

+ Security Classification and Spillage Cleanup:

+ Interpret Security Classification Guides and apply classification markings/interpretations.

+ Coordinate spillage cleanup activities to ensure data integrity and security.

+ Threat Intelligence and Best Practices:

+ Utilize threat intelligence to enhance incident response efforts.

+ Develop and implement "best practices," manuals, and standard operating procedures based on Federal, DoD, IC, and industry standards.

+ Collaboration and Stakeholder Management:

+ Collaborate with technical teams to implement remediation measures to prevent recurrence of incidents.

+ Coordinate with stakeholders to provide updates and recommendations for improving security practices based on post-incident analysis.

+ Tool Utilization:

+ Utilize incident tracking tools such as ticketing systems and case management platforms.

+ Employ cybersecurity tools to investigate instances of alleged employee or external actor wrongdoing.

*
* Qualifications:

*
* _

Required:

_

+ TS/SCI Security Clearance

+ BA/BS in Computer Science, Information Technology, Information Assurance, or a related area of study desired.

+ Without a degree, 8+ years of relevant professional experience in those fields is required.

+ Must have 5+ years of concentrated experience in CND discipline.

+ 3+ years of professional experience in incident triage, incident reporting, incident response and investigation, incident and intrusion trend analysis, interpreting Security Classification Guides and applying classification markings/interpretations, and spillage cleanup coordination.

+ Effective interpersonal, organizational, time management, writing/documentation, and briefing skills with strong attention to detail.

+ Strong analytical, conceptual, and problem-solving skills.

+ Proven ability in communicating effectively and developing/presenting presentations.

+ Ability to think outside the box by utilizing IT knowledge and cybersecurity tool output to investigate incidents.

+ Proven ability in prioritizing, executing, and completing tasks with little to no direction in a high-pressure environment.

+ Moderate experience utilizing Federal, DoD, IC, and industry standards in the creation of "best practices," manuals, and standard operating procedures.

+ Moderate experience in the development and implementation of Incident Reporting, Response, and Remediation tactics, techniques, and procedures (TTPs).

+ Moderate knowledge of policies and processes related to Computer Network Defense (CND) execution.

+ Moderate knowledge of incident management lifecycle processes required for the identification, categorization, eradication, response, recovery, and mitigation of cybersecurity incidents and breaches.

+ Moderate knowledge of common enterprise…