Business Operational Concepts, LLC

Senior Cybersecurity Incident Response Specialist at Business Operational Concepts, LLC

Business Operational Concepts, LLC Macon, MO

Job Description

Description

Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology and Support. BOC has enabled its Government and Commercial clients to achieve their organizational initiatives through the application of high-quality, innovative and cost-effective professional services and solutions. We provide a positive working environment with opportunities for advancement in our growing Federal sector workforce. We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave and a 401k plan, and we are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.

JOB SUMMARY:

Business Operational Concepts (BOC) is currently seeking a Senior Cybersecurity Incident Response Specialist to work with our federal client. The ideal candidate will serve as an incident responder on the federal agency client's in-house Security Operations Center (SOC) team within the client's Cybersecurity Division Cyber Integration Center. A highly motivated individual with strong technical, communication and analytical skills will succeed on this program.

DUTIES AND RESPONSIBILITIES:

- Member of the SOC team, which provides 24 hours per day, 7 days per week, 365 days per year monitoring and incident response services for the organization's Network, Systems, Applications and Web services.
- Provide senior-level cybersecurity incident response expertise in support of the client's Incident Response processes and procedures.
- Develop operational baselines, such as data flows and application interactions, to enhance the SOC's ability to respond to incidents.
- Prepare and manage playbooks and relevant scenarios, in addition to narratives and visual diagrams, and review them continuously in compliance with NIST SP 800-61 and Government guidance.
- Follow current guidance from NIST SP 800-61, the Federal Incident Notification Guidelines, CISA's Incident Response and Vulnerability Playbook, and client guidance.
- Monitor system status and sensor data from deployed sensors, and triage for validity the alerts arriving from the Security Information and Event Management (SIEM) system, email, texts, phone calls and all enterprise-managed dashboards.
- Analyze all sources, including network traffic, identity, fault, performance and bandwidth information, alerts and data, to augment detection of network anomalies and unauthorized activity.
- Meet regularly with client stakeholders to develop content (analytic rules, alerts, dashboards, automation) and identify ways to improve the availability and efficiency of the client's incident response program.
- Categorize, prioritize and report on cybersecurity events in accordance with (IAW) SOPs and other relevant policy documents.
- Implement cybersecurity mitigations leveraging client tools and systems.
- Create and escalate cybersecurity-related investigations to both internal and external entities, such as DHS or other Government Agencies, within client- and Federal-defined timelines.
- Manage, coordinate and respond to FOIA audits, data calls, e-discovery and information requests.
- Schedule and execute incident response tabletop exercises with each client FISMA system on an annual basis.
- Review and handle phishing messages reported by client staff.

Requirements

QUALIFICATIONS:

Required (Minimum) Qualifications: Education, Certification, Experience and Skills

- High School or GED (General Educational Development) Diploma
- Bachelor's degree in computer science or equivalent is preferred
- Minimum of five years hands-on experience
- Proven experience detecting, triaging and responding to cyber incidents across enterprise networks and cloud environments.
- Proficiency with SIEM, EDR/XDR platforms and forensic tools.
- Strong understanding of threat actor TTPs, the MITRE ATT&CK framework and incident containment strategies.
- Ability to analyze network traffic, logs and endpoint telemetry to identify malicious activity.
- Familiarity with malware analysis, reverse engineering basics and memory analysis concepts.
- Experience developing and tuning detection rules, playbooks and automated response workflows.
- Working knowledge of incident response frameworks (e.g. NIST SP 800-61, SANS).
- Understanding of vulnerability management, threat intelligence integration and SOC metrics/reporting.
- Understanding of basic computer and networking technologies:
  - Windows and Linux/Unix operating systems
  - Networking technologies (routing, switching, VLANs, subnets, firewalls)
  - Common networking protocols: SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
  - Common enterprise technologies: Active Directory, Group Policy and the Microsoft Azure suite of cloud services.
- Understanding of current system logging technology and retrieving information from a plethora of technology platforms.
- Ability to work well in a team environment.
- Self-starter with ability to work with little supervision.
- Willingness to take on and adapt to new, open-ended tasks for which there is no current standard operating procedure.
- Ability to research independently and self-teach.
- Strong analytical and decision-making skills under pressure.
- Excellent written and verbal communication, including incident documentation and executive briefings.
- Ability to lead investigations, mentor junior analysts and collaborate with cross-functional teams.

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.

Preferred Qualifications: Education, Certification, Experience, Skills, Knowledge and Abilities

- Interest in security/hacking culture. Ability to think like an attacker.
- General cybersecurity certifications (one or more of the following preferred):
  - CompTIA Security+
  - CompTIA Cybersecurity Analyst (CySA+)
  - Certified Ethical Hacker (CEH)
  - GIAC Certified Incident Handler (GCIH)
- Any cloud security certification, especially:
  - CompTIA Cloud+
  - Certified Cloud Security Professional (CCSP)
  - Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)
- Any Microsoft 365/Azure cybersecurity certification, especially:
  - Microsoft Certified: Security Operations Analyst Associate (SC-200)
  - Microsoft Certified: Security, Compliance and Identity Fundamentals (SC-900)
  - Microsoft Certified: Azure Fundamentals (AZ-900)
  - Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Familiarity with the Microsoft 365 and Microsoft Azure suite of products, including Microsoft Sentinel and Microsoft 365 Defender.
- Knowledge of common enterprise technologies, policies and concepts, such as:
  - Microsoft Sentinel SIEM
  - Kusto Query Language (KQL)
  - Mobile device technologies (iOS, Android)
  - Scripting experience (PowerShell, Python, etc.)
  - Microsoft Power BI
  - Azure DevOps
- Artificial Intelligence (AI) / Machine Learning (ML) expertise:
  - In-depth knowledge of AI and ML concepts.
  - How to practically apply AI/ML technologies to enhance cyber threat hunting and incident response capabilities.
  - Experience with specific AI services offered within Microsoft Azure.

Business Operational Concepts, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state and local laws.

Employment Type: Full-Time
Vacancy: 1
Salary: 100000 - 130000
