Incident Response Specialist (Cybersecurity)
McKean Defense is a Naval Life Cycle Management, Engineering, Enterprise Transformation and Program Management business headquartered in Philadelphia, PA. McKean’s engineers, developers, technical staff, programmers, analysts, and program managers identify and deploy new shipboard technologies, integrate information technology across shipboard platforms, and develop strategies to support the Warfighter. McKean’s employees create strategic solutions to help customers reach new levels of mission support and transform their organizations. McKean Defense is employee owned, and values the life experiences of potential candidates, including those who have served our Military. Currently, 38% of McKean’s employee owner workforce are veterans.
McKean Defense is seeking a candidate to fill the role of Incident Response Specialist supporting Navy programs. As an Incident Response Specialist, you will coordinate and provide expert technical support to defense technicians of assigned systems to resolve cyber defense incidents. Responsibilities for this role include:
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on assigned systems.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
- Participate in incident response functions.
- Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific incident events; and making recommendations that enable expeditious remediation.
- Perform initial, forensically sound collection of images and inspect them to discern possible mitigation/remediation on assigned systems.
- Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs).
- Receive and analyze network alerts from various sources within assigned systems, and determine possible causes of such alerts.
- Track and document cyber defense incidents from initial detection through final resolution.
- Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
- Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, and security robustness).
- Collect intrusion artifacts (e.g., source code, malware, residual evidence) and use discovered data to enable mitigation of potential cyber defense incidents within assigned systems.
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
- Coordinate with intelligence analysts to correlate threat assessment data.
- Perform cyber defense trend analysis and reporting.
- Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
- Examine recovered data for information of relevance to the issue at hand.
- Write and publish after action reviews.
Qualifications for this role include:
- Bachelor's degree in Computer Science, Cyber Security, Computer Engineering or a related technical field, OR CERT-Certified Computer Security Incident Handler (CSIH), OR GIAC Certified Incident Handler (GCIH) certification
- 2 to 5 years of experience in Incident Response Handling
- Any of the following certifications are a plus: Certified Ethical Hacker (CEH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Detection Analyst (GCDA), Computer Hacking Forensic Investigator (CHFI), CompTIA Cybersecurity Analyst+ (CySA+) or GIAC Response and Industrial Defense (GRID)
- Must work well in teams and independently to solve complex technical problems
- Excellent communication skills, both written and verbal
- Windows and Linux administration experience preferred
- Knowledge of information security principles
Active Secret security clearance is required for this job.
Equal Opportunity Employer: minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity.
McKean Defense is an E-Verify company.
Job Status: Full Time