It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
SUMMARY
The Incident Response & Forensic Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position monitors Intrusion Detection, firewalls, anti-virus systems and other security components.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responds quickly and effectively to incidents and customer requests to a successful resolution.
Exercises multi-tasking skills by managing events in multiple systems, applications, and other priorities.
Collects, summarizes, and chronologically documents security event information.
Manages and escalates security events according to customer service level agreements. Assists with post-mortem analysis when security breaches or viral outbreaks occur.
Monitors IT defense perimeter and scanning infrastructure and communicates security events and incidents to applicable Computer Emergency Response Team personnel and/or management.
Monitors and analyzes the output from various security perimeter monitoring devices and recommends security actions per procedures where required.
Coordinates with NOSC Infrastructure Support team to maintain/troubleshoot defense perimeter and monitoring integrity.
Performs reviews and audits of mixed Unix and Microsoft Windows environments, including network devices, databases, web services, and enterprise applications.
Responsible for aiding in own self-development by being available and receptive to any training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
CNI CORE COMPETENCIES
Responsible for the integration of CNI Core Competencies into daily functions, including commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
COMPLIANCE
Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.
EDUCATION / EXPERIENCE
Bachelor's degree and a minimum of three (3) years’ relevant experience in Network Security Operations, or equivalent combination of education/experience.
CERTIFICATES, LICENSES, REGISTRATION
Certified in security-related industry, vendor or professional certifications.
Security+, Network+, Linux+ (1 or more required)
CISA, CISSP, CEH, SANS GIAC, MCSE, CCNA or SSCP (1 or more preferred)
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Ability to analyze output from various security technologies in order to effectively investigate security incidents.
Experience with adversary tactics and techniques, attack lifecycles, and threat hunting (e.g., adversary progression through techniques found in the MITRE ATT&CK® matrix).
Experience with Incident Response security tools (e.g., XSOAR, ExtraHop, XDR, Splunk, CrowdStrike or similar tools).
Experience in either network/host-based intrusion analysis, digital forensics or cyber threat intelligence.
Ability to analyze event logs/system logs, from Windows Operating Systems, Unix/Linux Operating Systems, Palo Alto firewalls, Cisco routers/switches, Wireshark/Ethereal network captures.
Ability to determine not only the root cause and the damage caused, but also the methods used by the intruder, and to ascertain the ongoing potential risk and exposure to the breached system and to the greater client environment.
Ability to read, analyze, develop and interpret common information systems security documents.
Excellent critical thinking skills with ability to identify, analyze and resolve problems/complex issues.
Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate/interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff).
Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner.
Highly organized with ability to effectively manage multiple projects and priorities.
Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to Incident Response and continuous monitoring capabilities.
Ability to effectively work both independently and in a team environment for the successful achievement of goals.
MATHEMATICAL SKILLS
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
REASONING ABILITY
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.
LANGUAGE SKILLS
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.
EQUAL EMPLOYMENT OPPORTUNITY STATEMENT
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
- The pay range for this role is $63K to $72K per annum, with the final offer amount dependent on location, skillset, and experience.
- CNI offers a comprehensive benefits package that includes:
- Medical
- Dental
- Vision
- 401(k)
- STD/LTD/AD&D
- Employee Assistance Program (EAP)
- Paid Time Off (PTO)
- Training and Development Opportunities
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!