ECS is seeking a Cyber Defense Incident Responder (SME) to work in our Huntsville, AL office.
Please note: This position is contingent upon contract award.
ECS is seeking a qualified Cyber Defense Incident Responder (SME) to support cybersecurity operations for the Federal Bureau of Investigation. You will provide leadership and cyber SME support for the Digital Forensics and Incident Response (DFIR) Team, playing a crucial role in the FBI's cybersecurity defense strategy.
The DFIR team is responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation. The team will meticulously gather and analyze extensive datasets to bridge informational gaps associated with cyber-attacks. This involves identifying perpetrators, understanding their intrusion methods, and meticulously documenting the precise sequence of actions that compromise system integrity.
Responsibilities
Assist in analyzing alerts, identifying true positives, and prioritizing incidents based on severity and impact.
Conduct forensic analysis on systems and networks to determine the scope and impact of security incidents.
Work with the watch floor to develop and refine incident response plans.
Analyze threat intelligence feeds, indicators of compromise (IOCs), and TTPs (Tactics, Techniques, and Procedures) to identify and respond to emerging threats.
Conduct a thorough post-incident analysis to identify root causes and vulnerabilities.
Conduct regular joint training exercises and tabletop simulations to help strengthen coordination.
Participate in red teaming exercises to simulate real-world attacks and identify areas for improvement.
Possess deep expertise in a variety of operating systems, including advanced knowledge of Windows, Linux, and macOS, enabling effective analysis and response across diverse technical environments.
Exhibit a profound understanding of intricate network protocols and technologies, facilitating strategic assessments of complex network incidents and vulnerabilities.
Be highly skilled in advanced malware analysis techniques, capable of devising and executing targeted threat mitigation strategies tailored to specific organizational needs.
Possess specialized knowledge in forensic imaging and data recovery techniques, employing innovative methodologies to effectively preserve and analyze digital evidence.
Possess comprehensive knowledge of advanced persistent threats (APTs), including strategic foresight regarding their tactics, techniques, and procedures (TTPs) and corresponding countermeasures.
Demonstrate advanced proficiency in a range of digital forensics tools, such as EnCase and FTK, while evaluating and implementing emerging technologies to enhance investigative capabilities.
Mentor and develop junior staff, enhancing the overall capabilities of the DFIR team and promoting a culture of continuous improvement and excellence.