Sr Cyber Defense Incident Responder

This job posting is no longer active.

Location: OWINGS MILLS, MD, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 221634
Date Posted: Sep 24, 2019


Job Description

Description

PRIMARY PURPOSE OF POSITION:

Provides deep technical expertise for Level 2/3 Cyber Security Incident Handling, Response and Remediation.

Designs, develops and implements cyber security capabilities to investigate, identify and actively defend Exelon infrastructure against Advanced Persistent Cyber Threats. Works closely with the Incident Handling and Response Team Lead, Security Monitoring and Forensic Analysis teams to meet or exceed service levels.


MAJOR ACCOUNTABILITIES:

- Perform and document work activities relating to level 2/3 CyberSOC Incident Response, Active Defense Cyber investigations and identification of indicators of advanced malware and persistent threats. Perform activities required to manage service level agreements.

- Work closely with Cyber Defense Incident Response Team Lead, Digital Forensics & eDiscovery Team Lead, Security Monitoring Team Lead to coordinate activities and services.
- Support the identification, containment, eradication, & recovery of sophisticated level 2/3 incidents. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.  Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.  Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.

- Coordinate incident response functions.  Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.  Track and document cyber defense incidents from initial detection through final resolution.  Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

- Update Incident Management & trouble tickets, providing timely & accurate status updates of ongoing activities

- Recommend short & long term adjustments to controls for immediate & future identification, containment & remediation.  Coordinate with intelligence analysts to correlate threat assessment data.

- Provide direction on tuning of signatures, rules, alerts, parsers, & custom scripts.

- Contribute to IR process definition & development & maintenance of documented procedures, including process integration with managed security service providers, 3rd party vendors, internal IT organizations, & business units. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Perform cyber defense trend analysis and reporting.

POSITION SCOPE:
Provides computer security Incident Handling & Response services to Exelon by serving in a front-line role for information security incidents. Responds to disruptions within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Investigates and analyzes relevant response activities and evaluates the effectiveness of and improvements to existing practices.

Qualifications

POSITION SPECIFICATIONS 

Minimum:
- Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 5 to 8 years of solid, diverse experience in cyber security Incident Response, or equivalent combination of education and work experience.
- One or more of the following: GIAC Certified Intrusion Analyst – GCIA, GIAC Certified Incident Handler – GCIH
- Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
- Knowledge of how network services and protocols interact to provide network communications.
- Knowledge of incident categories, incident responses, and timelines for responses.
- Knowledge of incident response and handling methodologies.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
- Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
- Knowledge of network traffic analysis methods.
- Knowledge of packet-level analysis.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of basic system administration, network, and operating system hardening techniques.
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of an organization's information classification program and procedures for information compromise.
- Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
Preferred:
- Graduate degree in cyber security or related area of expertise.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments.
- CISSP or SSCP designation
- Demonstrated skill of identifying, capturing, containing, and reporting malware.
- Demonstrated skill in performing damage assessments.
- Skill in using security event correlation tools.
- Demonstrated knowledge of cyber defense policies, procedures, and regulations.
