Incident Response & Forensic Analyst II at Chickasaw Nation Industries in Norman, Oklahoma






Job Description:

It's fun to work in a company where people truly BELIEVE in what they're doing!


We're committed to bringing passion and customer focus to the business.



SUMMARY



The Incident Response & Forensic Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position will utilize organizational security tools to facilitate Threat Hunting and Detection activities.


As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act.



ESSENTIAL REQUIREMENTS



Must be able to obtain and maintain a Public Trust clearance.


Certifications: (Preferred) CISSP, SANS GIAC, MCSE, CCNA, SSCP, Security+, Network+, Server+, Linux+ or higher level



KEY DUTIES AND RESPONSIBILITIES

Essential Duties and responsibilities include the following. Other duties may be assigned.


Monitors IT defense perimeter and scanning infrastructure and communicates security events and incidents to applicable Computer Emergency Response Team personnel and/or management.


Monitors and analyzes the output from various security perimeter monitoring devices and recommends security actions per procedures where required.


Responds quickly and effectively to incidents and customer requests to a successful resolution.


Exercises multi-tasking skills by managing events in multiple systems, applications, and other priorities.


Collects, summarizes, and chronologically documents security event information.


Manages and escalates security events according to customer service level agreements. Assists with post-mortem analysis when security breaches or malware outbreaks occur.


Utilizes organizational security tools (e.g. Splunk, CrowdStrike, XDR, XSOAR) to facilitate threat hunting and detection activities.


Investigates and/or responds to security tool alerts and logs.


Takes ownership of events that require remediation, from initial triage through final resolution.


Researches new and emerging industry threats.


Recommends proactive, preventative measures for new and existing threats.


Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize personal output.


Responsible for aiding in own self-development by being available and receptive to all training made available by the company.



OTHER DUTIES



Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.



EDUCATION AND EXPERIENCE



Bachelor's degree and a minimum of six (6) years' relevant experience, or equivalent combination of education/experience.



JOB SPECIFIC KNOWLEDGE/SKILLS/ABILITIES



Experience with cyber threat hunting, to include hunting for indicators of compromise (IOCs) such as IP addresses, domains, file hashes, artifacts, tools, and TTPs using efficient, accurate queries.


Experience with threat detection engineering, to include assessing threats, vulnerabilities, and TTPs to write applicable detections for alerting, reporting, and continuous monitoring.
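As an added illustration of the two requirements above (this is example code, not from the posting, the employer, or any of the named products), the following Python sweeps constructed JSON log lines for IOCs of three kinds: single IPs and CIDR ranges, domains including their subdomains, and SHA-256 hashes regardless of case. The log field names (`ts`, `host`, `domain`, `dst_ip`, `src_ip`, `sha256`), the indicator values, and the log lines themselves are all assumptions constructed for the example; the indicators are documentation/reserved values, not real threat intelligence.

```python
"""IOC hunt over constructed log lines (added example; all data is made up)."""
import ipaddress
import json

# Constructed IOC feed using reserved documentation ranges and a .test domain.
IOC_FEED = {
    "ip": ["203.0.113.45"],
    "cidr": ["198.51.100.0/24"],
    "domain": ["bad-example.test"],
    "sha256": ["0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"],
}

# Constructed JSON-lines log export; the last line is deliberately malformed.
SAMPLE_LOGS = """\
{"ts": "2024-05-01T10:00:01Z", "host": "ws-01", "event": "dns", "domain": "Cdn.Bad-Example.TEST."}
{"ts": "2024-05-01T10:00:05Z", "host": "ws-01", "event": "netconn", "dst_ip": "198.51.100.77"}
{"ts": "2024-05-01T10:00:09Z", "host": "ws-02", "event": "file", "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}
{"ts": "2024-05-01T10:00:12Z", "host": "ws-03", "event": "netconn", "dst_ip": "192.0.2.10"}
{"ts": "2024-05-01T10:00:15Z", "host": "ws-03", "event": "dns", "domain": "notbad-example.test"}
this line is not JSON and must not abort the hunt
"""


def compile_iocs(feed):
    """Normalize the feed once so each log line costs O(1) set lookups
    (plus a scan of the usually short CIDR list)."""
    return {
        "ip": {ipaddress.ip_address(x) for x in feed.get("ip", [])},
        "cidr": [ipaddress.ip_network(x, strict=False) for x in feed.get("cidr", [])],
        "domain": {d.lower().rstrip(".") for d in feed.get("domain", [])},
        "sha256": {h.lower() for h in feed.get("sha256", [])},
    }


def match_domain(value, iocs):
    """Exact match or subdomain match; labels must align on a dot, so
    'notbad-example.test' does not match 'bad-example.test'."""
    labels = value.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs["domain"]:
            return candidate
    return None


def match_ip(value, iocs):
    """Single-IP set lookup first, then CIDR containment."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None  # unparsable field, not an indicator
    if ip in iocs["ip"]:
        return str(ip)
    for net in iocs["cidr"]:
        if ip in net:
            return str(net)
    return None


def match_hash(value, iocs):
    digest = value.lower()
    return digest if digest in iocs["sha256"] else None


# (log field, IOC type, matcher) - field names are assumptions for this example.
CHECKS = (
    ("domain", "domain", match_domain),
    ("dst_ip", "ip", match_ip),
    ("src_ip", "ip", match_ip),
    ("sha256", "sha256", match_hash),
)


def hunt(log_text, feed):
    """Return (hits, skipped): hits in log order, skipped = malformed lines."""
    iocs = compile_iocs(feed)
    hits, skipped = [], 0
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # count and keep going; never silently drop a hunt
            continue
        for field, ioc_type, matcher in CHECKS:
            observed = rec.get(field)
            if observed is None:
                continue
            indicator = matcher(str(observed), iocs)
            if indicator:
                hits.append({"line": lineno, "ts": rec.get("ts"), "host": rec.get("host"),
                             "ioc_type": ioc_type, "indicator": indicator,
                             "observed": observed})
    return hits, skipped


def hosts_by_hits(hits):
    """Summarize hits per host for escalation (chronological order is preserved in hits)."""
    counts = {}
    for h in hits:
        counts[h["host"]] = counts.get(h["host"], 0) + 1
    return counts


if __name__ == "__main__":
    found, bad = hunt(SAMPLE_LOGS, IOC_FEED)
    for h in found:
        print(h)
    print("hosts:", hosts_by_hits(found), "malformed lines:", bad)
```

The design points a hunter cares about are the normalization (case, trailing dots, CIDR containment) done once at feed-load time rather than per line, the label-aligned subdomain match that avoids the classic substring false positive, and the fact that a malformed line is counted rather than allowed to abort the sweep. The same logic is what a SIEM lookup-based search expresses declaratively; the script is useful for ad-hoc hunts over exported logs when the platform is unavailable.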


Proficiency with organizational security tools (e.g. Splunk, CrowdStrike, XDR, XSOAR) to facilitate threat hunting and detection activities:


  • Proficiency with SIEM tools, Splunk Enterprise Security preferred, including Splunk Search Processing Language (SPL) query skills
  • Proficiency with EDR tools, CrowdStrike and Palo Alto XDR preferred
  • Proficiency with IDS tools, ExtraHop preferred
  • Proficiency with SOAR tools, Palo Alto XSOAR preferred
  • Proficiency with vulnerability management platforms as a user, Tenable preferred
  • Proficiency with digital forensics tools, EnCase preferred




Experience operating within a cyber threat intelligence program, to include assessing intelligence for relevance, fidelity, risk, and impact, and incorporating threat intelligence into detections, hunts, and reporting.


Experience implementing concepts from cyber threat modeling frameworks like MITRE ATT&CK and the Cyber Kill Chain in threat hunts, detection engineering, reporting, and assessment of security posture and defense gap analysis.


Experience using SIEM, SOAR, and EDR tools, to include building detections, alerts, reports, dashboards, tools, and automations, as well as tuning existing features and implementing threat intelligence into platform threat intel management features.


Experience with cybersecurity incident response, to include identification/validation of an incident, assessment of risk and exposure, collection and analysis of forensic artifacts, mitigation and remediation, and briefing and reporting to leadership. Past experience responding to a major incident is preferred.


Proficient in general computer networking concepts, IPv4/IPv6 subnetting and CIDR, TCP/IP ports and protocols, network services, and firewalls.


Proficient in Microsoft Active Directory and Microsoft 365 concepts, architecture, and overall function in an enterprise environment.


Proficient with Microsoft Windows operating systems and the command line, including PowerShell.


Working knowledge of Linux operating systems and command line.


Experience assessing new products, tools, and services to improve organizational security posture and fill gaps.


Experience communicating and working with teams in different functional areas and collaborating with cross-functional teams to mitigate and remediate incidents, perform requests for information, and communicate threats and risk.


Experience briefing senior leadership, to include writing detailed reports using clear language to communicate risks, gauge confidence, and make recommendations as necessary.


Experience functioning as a team lead or other supervisory experience in cybersecurity is preferred.



LANGUAGE SKILLS



Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.



MATHEMATICAL SKILLS



Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Ability to compute rate, ratio and percent and to draw and interpret bar graphs.



REASONING ABILITY



Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.



PHYSICAL DEMANDS



The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.


Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, and to reach with hands and arms to handle objects and operate tools, computers, and/or controls. Required to speak and hear. Occasionally required to stand, walk, stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and the ability to adjust focus. Exposed to general office noise from computers, printers, and light traffic.



CNI CORE COMPETENCIES



Responsible for the integration of CNI Core Competencies into daily functions, including commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.



COMPLIANCE



Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.



EOE including Disability/Vet



If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!