Incident Response Analyst
CACI
Arlington, VA

CACI is a provider of information solutions and services in support of national security missions and government transformation for intelligence, defense, and federal civilian customers.



Job Description

Incident Response Analyst

Req #: 222730

Location: Arlington, VA US

Job Category: Information Technology

Minimum Security Clearance: Top Secret


The CACI, Inc. Enterprise Information Technology (EIT) Business Group has an immediate opening for a highly organized Incident Response Analyst to join our mission-driven team. If you thrive in a challenging, fast-paced work environment with a variety of job duties, we invite you to consider this as your next career move. This role offers the opportunity to work with a team of seasoned technical and analytical professionals who thrive on supporting our client's cybersecurity mission and growth objectives.

What You'll Get to Do:

The position is responsible for cyber hunt and incident response analysis based on government-wide incident response reviews; research and analysis that involves formulating well-thought-out processes and exercises for assigned cybersecurity incidents; presenting process and incident response findings to senior management and other agencies; preparing recommendations for immediate organizational actions; and establishing format and reporting requirements.

Level 3

* Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required (must have held a SCI level clearance within the past 18 months). In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
* Bachelor's Degree required plus 5-9 years of directly related work experience

Level 4

* Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required (must have held a SCI level clearance within the past 18 months). In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
* Bachelor's Degree required plus 9-15 years of directly related work experience

You'll Bring These Qualifications:

* Must be a U.S. Citizen.
* Active Top Secret Security Clearance with ability to obtain SCI.
* Perform analysis on hosts running a variety of platforms and operating systems, including, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
* Monitor open-source channels (e.g., vendor sites, Computer Emergency Response Teams, the System Administration, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
* Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
* Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro while performing cyber incident response analysis.
* Track and document CND hunts and incidents from initial detection through final resolution.
* Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use the discovered data to enable mitigation of potential CND hunt findings and incidents within the enterprise.
* Perform forensically sound collection of images and inspect them to determine possible mitigation/remediation on enterprise systems.
* Perform real-time CND hunt and incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Hunt and Incident Response Teams (IRTs).
* Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.
* Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
* Use data analytics tools including Splunk to make sense of machine data while performing responsibilities.
* Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
* May be required to travel up to 25% of time.

These Qualifications Would be Nice to Have:

* Familiarity with network analytics, including NetFlow/PCAP analysis.
* Understanding of cyber forensics concepts including malware, hunt, etc.
* Understanding of how both Windows and Linux systems are compromised.
* Experience using Splunk for system data analytics and monitoring strongly preferred.
* Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
* A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Job Location

US-Arlington-VA-VIRGINIA SUBURBAN

CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.


Headquarters: CACI, 1100 N Glebe Rd
Size: 18,800 employees
