5+ years of experience
Employment Type:
Full time
Job Category:
Information Services
Computer Network Defense / Incident Response Analyst Job
SAIC | Fort Meade, Maryland
Job Description

Computer Network Defense / Incident Response Analyst (Job Number: 429528)

The CND Incident Response (CND/IR) Analyst shall identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network to mitigate immediate and potential network and host threats.

Job Duties:

- The individual shall perform computer network defense (CND) incident triage, to include determining urgency and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation; perform initial, forensically sound collection of images and inspect them to determine mitigation/remediation on enterprise systems; perform real-time CND incident handling tasks (e.g., forensic collection, intrusion correlation/tracking, threat analysis, and direct system remediation) in support of Incident Response Teams; receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; and track and document CND incidents from initial detection through final resolution.
- The candidate should be able to employ defense-in-depth principles and practices, collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise.
- Assist with analysis of actions taken by malicious actors to determine initial infection vectors, and establish a timeline of activity and any data loss associated with incidents. Must be experienced in the use of various incident response tools (e.g., Acunetix, Adobe, Cobalt Strike, FireEye, Fluke Networks AirMagnet, F-Response, Guidance Software EnCase, IDA Pro, McAfee Advanced Threat Defense, NetworkMiner Professional, Palo Alto, Burp Suite Professional, Rapid7 Metasploit, RedSeal, Splunk, VMware, DomainTools, virus analysis tools, Microsoft products) and operating systems (e.g., Windows Server 2008 and 2012; Linux).


Required Skills:

- Experienced with programming tools such as Python and PowerShell, and able to develop scripts in scripting languages/tools.
- Ability to provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities and to make recommendations enabling remediation.
- Monitor external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS, SecurityFocus), update the CND threat condition, and determine which security issues may have an impact on the enterprise.
- Analyze log files, firewalls and firewall logs, and intrusion detection systems and IDS logs to identify possible threats to network security, and perform command and control functions in response to incidents.

Required Qualifications:

- Must have ten (10) years of experience in network defense and/or Incident Response and a Bachelor's degree in Computer Science or another technical field, or eight (8) or more years of experience with a Master's degree.
- Must have an IAM Level III certification (GSLC, CISM, or CISSP) or the ability to obtain one within 6 months of employment.
- IAM Level III certification with documented additional education, specialization, or certification in one of the following technologies or tools:
  - Acunetix, Adobe, Armitage, Cobalt Strike, FireEye, Fluke Networks AirMagnet, F-Response, Guidance Software EnCase, Hex-Rays IDA Pro, IBM, McAfee Advanced Threat Defense, NetworkMiner Professional, Palo Alto, Burp Suite Professional, Rapid7 Metasploit, RedSeal, Splunk, VMware, DomainTools, VirusTotal, Microsoft products.
- Experience performing computer network defense (CND) incident triage.
- Must have experience with programming tools such as Python and PowerShell, and must have experience writing scripts.
- Must have experience performing Incident Response as it pertains to a post-exploitation host/compromised network.
- Must have experience forensically interrogating and analyzing Microsoft Windows operating systems (Windows 7/10/2008 R2/2012 R2).
- Must have experience with, and an understanding of, what to examine and how to examine computer memory, process dumps, and binary images with open-source software tools.
- Must have a firm understanding of how to examine Windows host-based artifacts in the conduct of Incident Response actions.
- Must have an understanding of which artifacts to collect in order to effectively triage and identify anomalies within an operating system.
- Must possess a sound understanding of fundamental operating system theory, including the following:
  - Kernel mode / user mode
  - Memory management
  - Processes, threads, run-time stack
  - System-level dynamically loaded libraries (DLLs)
  - Registry
- Must have experience performing computer programming tasks employing a scripting language within Microsoft Windows and GNU/Linux environments.
- Must have experience performing computer programming tasks with Microsoft PowerShell from a Digital Forensics/Incident Response perspective (PowerShell programming is a very critical capability).
- Must have experience performing computer programming tasks in Python (can read from and write to a SQL database; can process JSON-formatted data (import/export); can process XML-formatted data (import/export); can read from and write to files on fixed and removable storage; can programmatically write scripts to collect, filter, and evaluate operating system artifacts and/or network packet captures for threat analysis and signs of intrusion).

Clearance Requirement:

Active TS/SCI with Polygraph

SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.

EOE AA M/F/Vet/Disability

Job Posting: Jul 31, 2017, 7:43:36 AM
Primary Location: United States-MD-FORT MEADE
Clearance Level Must Currently Possess: Top Secret/SCI with Polygraph
Clearance Level Must Be Able to Obtain: Top Secret/SCI with Polygraph
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time

This company profile was created by AfterCollege and is about SAIC. This page is not endorsed by or affiliated with SAIC. For questions regarding company profiles, please email: care@aftercollege.com.