Job Description
Summary: Provide support for Cybersecurity Operations Services to support the Cybersecurity Branch in protecting the Department of the Interior's (DOI's) information systems and data.
Location: Denver, CO
Duties and Responsibilities:
Ideal candidate will support efforts and perform tasks required in support to the DOI SOC Manager(s).
Responsibilities will include:
- Support preparation of Incident Reports, After-Action Reports, and SOC Analysis reports to be shared with its constituents and partners.
- Work with the DOI SOC Manager to coordinate with law enforcement organizations as required. Deliverables for Cybersecurity Communications / Coordination include, but are not limited to, incremental updates while responding to an incident and an After-Action Report, including lessons learned after an incident.
- Provide Monitoring and Analysis support to actively review all SOC data feeds, analytical systems, sensor platforms, and output from other SOC tool products.
- Support forensic analysis on a variety of digital media devices and mediums to identify, reverse engineer, and de-obfuscate content related to an incident, such as malicious content.
- Provide onsite and remote vulnerability assessment capabilities as a sustained, full-time program independent of incident detection, recovery, or reporting activities.
- Work with the DOI Cyber Incident Response Center, and/or any other pertinent parties (to include external vendors) at any DOI location to recover from any incident.
- Support creation of procedures and documentation for maintaining all SOC hardware and software.
- Provide support for Change Requests (CRs) and security reviews.
Minimum Qualifications:
Have strong foundational knowledge of information security and practical experience in Security Services. Specific knowledge areas include:
- Federal Information Security Management Act (FISMA) Compliance framework, including ongoing assessment and authorization.
- National Institute of Standards and Technology (NIST) Incident Response methodology.
- Cyber Security Incident Response Process.
- Capability to perform system-level forensics with applications such as EnCase.
- Ability to operate and maintain Vulnerability Management solutions (e.g., Tenable Nessus, Imperva DB, HCL Web App Scan, Acunetix 360).
- Ability to operate and maintain hardware asset management applications (e.g., Forescout, SolarWinds, or MDE Device Discovery).
- Ability to operate, maintain and process data from different types of vulnerability scanners: Web Application, Database, Host-based, Network-based.
- Ability to analyze and develop assessment reports from data produced by scanning tools (e.g., Imperva DB Scanner, Tenable Nessus Scanner, HCL Web App Scan, Acunetix 360).
- Ability to monitor, analyze and report on alerts produced by Security tools (e.g., Network Intrusion Detection Systems (NIDS), Host Intrusion Detection Systems (HIDS), Data Loss Prevention Systems (DLP), Security Information and Event Management system (SIEM)).
- Ability to monitor and analyze alerts generated on Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint (MDE)).
- Ability to monitor and process alerts generated by SIEM and SOAR (e.g., Splunk SIEM/SOAR solutions).
- Ability to develop vulnerability assessment reports specific to the Department.
- Minimum six (6) years of operational experience, including two (2) years of hands-on experience in the technologies outlined above.
Education & Certifications:
- Bachelor's degree in Cybersecurity or Information Technology (REQUIRED)
- Cybersecurity certifications preferred but not required
Job Types: Full-time, Contract
Pay: From $110,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Tuition reimbursement
- Vision insurance
Compensation package:
- 1099 contract
- Profit sharing
- Yearly bonus
- Yearly pay
Ability to commute/relocate:
- Denver, CO: Reliably commute or planning to relocate before starting work (Required)
Experience:
- Cybersecurity: 6 years (Required)
Work Location: In person