• Full Time
• Fort Lee, VA
• Applications have closed

Website: KMJJ Enterprise (website live while under construction)

Veteran owned for military families, DOD and civilians.

You will be the Incident Response and Digital Forensic Subject Matter Expert (SME) for the DoD customer’s Computer Security Service Provider (CSSP) program, responsible for consulting with the SOC Project Manager, CSSP Program Manager, SOC Lead and other members of the SOC team, and for providing Incident Response and Digital Forensic expertise to the Security Operations Center. You will be responsible for documenting procedures and processes, participating as a senior incident responder and conducting digital forensic investigations as directed by Government authority; you will research, recommend, implement and use incident response and digital forensic tools and software to accomplish these tasks while maintaining compliance with all DoD policies and procedures, reporting and investigating incidents, and performing other actions required to support the CSSP.

Support the CSSP:

You shall provide support for Blue Team activities and shall schedule and/or perform security testing and analysis based on Government direction. You shall provide support for the response to Red Team activities by performing attack and vulnerability analysis, proposing risk mitigation strategies and implementing suitable mitigations as approved and directed by the customer Team Lead.

You will work with customer first responders and help the Computer Incident Response Team (CIRT) Leader guide first responder actions; you will recommend actions to the Customer CIRT Leader to be taken in response to an ongoing or post-discovery incident, which may include port or protocol blocks or other containment actions. Conduct all incident handling in accordance with (IAW) applicable DoD policies on identified systems, working with the Customer system and network administrators to determine whether an incident occurred; provide reports using DoD-established formats, including operational impact; and provide comprehensive input to the analysis of incidents by the Customer CIRT Leader and CSSP Program Manager.

All analysis shall comply with the provisions of CJCSM 6510.01 Change 3, SD 527-1, DoDD 8530.1, DoDI 8530.2 and all other relevant DoD directives, Communication Tasking Orders (CTO), and other instructions. The analysis shall include, but not be limited to: the correlation of event logs from different systems and devices, including firewall logs, IDS alerts, packet captures, and host logs; the capture and examination of forensic images of system physical memory (RAM and swap space) and hard drives; comparison of baseline data from the Host Based Security System (HBSS) with current system processes and files; the collection and inspection of system state information for current users, processes, services and network connections; reverse engineering of suspected malware found during the response; and other types of analysis as directed. The analysis shall be based on: (1) live incident response techniques and tools; (2) digital forensic investigation techniques and tools; (3) current attack or malicious code information; and (4) the experience of the analysts. You should be familiar with open source tools such as The Sleuth Kit and Autopsy as well as commercial tools such as AccessData’s Forensic Toolkit (FTK).

Assist the Customer CIRT Lead in reporting detected events and potential incidents.
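Two of the analysis tasks listed above, comparing a host baseline against the current process and file inventory, and correlating firewall, IDS and host events for the same machine inside a time window, are illustrated below. This is an added example, not code from the posting, the employer or any HBSS product; the baseline entries, hashes, IP addresses and log lines are all constructed, and the pipe-delimited log layout is an assumed normalised form, not any vendor's format.

```python
"""Baseline comparison and cross-source event correlation (added illustration).

All data here is constructed for the example; it is not real HBSS output,
real log data, or real indicators.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: executable path -> file hash as recorded at baseline time.
BASELINE = {
    "C:\\Windows\\System32\\svchost.exe": "aaa111",
    "C:\\Windows\\System32\\lsass.exe": "bbb222",
    "C:\\Windows\\explorer.exe": "ccc333",
}

# Constructed current inventory from the same host: one hash changed, one new binary.
CURRENT = {
    "C:\\Windows\\System32\\svchost.exe": "aaa111",
    "C:\\Windows\\System32\\lsass.exe": "bbb222",
    "C:\\Windows\\explorer.exe": "ccc999",          # hash no longer matches baseline
    "C:\\Users\\Public\\update.exe": "ddd444",      # not present in baseline
}


def compare_baseline(baseline, current):
    """Return (new, modified, missing) executables relative to the baseline.

    new      - present now but absent from the baseline
    modified - present in both but with a different hash
    missing  - in the baseline but gone from the current inventory
    """
    new = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in baseline if path in current and baseline[path] != current[path]
    )
    return new, modified, missing


# Constructed events in an assumed normalised form: source|ISO timestamp|host IP|message
LOGS = """\
firewall|2024-03-04T10:15:02|10.20.30.40|DENY TCP 10.20.30.40:51234 -> 203.0.113.7:4444
ids|2024-03-04T10:15:05|10.20.30.40|possible C2 beacon to 203.0.113.7
host|2024-03-04T10:14:58|10.20.30.40|new process C:\\Users\\Public\\update.exe parent explorer.exe
firewall|2024-03-04T11:40:00|10.20.30.41|ALLOW TCP 10.20.30.41:49152 -> 198.51.100.9:443
"""


def parse_logs(text):
    """Parse the normalised log text into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        source, ts, ip, msg = line.split("|", 3)
        events.append({"source": source, "ts": datetime.fromisoformat(ts), "ip": ip, "msg": msg})
    return events


def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Map host IP -> sorted list of log sources, for hosts that appear in at
    least `min_sources` distinct sources within any `window`-long span.

    A single firewall deny is noise; the same host producing a host-level
    process event, a firewall deny and an IDS alert within minutes is a
    candidate incident worth escalating.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    hits = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, anchor in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - anchor["ts"] <= window]
            sources = {e["source"] for e in cluster}
            if len(sources) >= min_sources:
                hits[ip] = sorted(sources)
                break
    return hits


if __name__ == "__main__":
    new, modified, missing = compare_baseline(BASELINE, CURRENT)
    print("new:", new, "modified:", modified, "missing:", missing)
    print("correlated hosts:", correlate(parse_logs(LOGS)))
```

Run as a script it prints the new binary, the modified explorer.exe and the one host (10.20.30.40) that shows up in all three log sources within the window; the second host, with only a single allowed firewall connection, is not reported. In practice the baseline would come from the HBSS export and the events from the SIEM, with the window and source threshold tuned to the environment.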

Reporting shall comply with the provisions of CJCSM 6510.01 Change 3, DoDD 8530.1, DoDI 8530.2 and all other relevant DoD directives, Communication Tasking Orders (CTO), and other instructions. Reports shall be made in the format, by the means and within the timeframes dictated in these directives and instructions. Confirmed incidents shall be reported directly to, and forwarded to, higher DoD authorities. Assist the Customer CIRT Leader in populating the Joint CERT Database (JCD) with the appropriate incident information.

You must hold both of the following certifications: a DoD 8570 IAT Level III certification such as the CISSP (Certified Information Systems Security Professional), and a DoD 8570 CND Analyst certification such as the Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA), Certified Incident Handler (GCIH) and/or Certified Intrusion Analyst (GCIA), or another equivalent, generally industry-accepted certification. Candidates should have 10 or more years of IT experience and a minimum of 3 years of hands-on experience using forensic and/or incident response tools, software and utilities, or intrusion detection products, in a production network. A Bachelor’s degree in a related IT field is preferred, but experience may be substituted.

You must be a U.S. citizen able to obtain a Secret clearance.