Talent.com
Cyber Defense Incident Responder

ITR • Amarillo, TX, US
Job type: Full-time

Job Description

Cyber Defense Incident Responder

Knowledge, Skillset, and Abilities (KSAs) – Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
  • Perform real-time cyber defense incident handling (e.g. forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Coordinate with intelligence analysts to correlate threat assessment data
  • Perform cyber defense trend analysis and reporting
  • Coordinate incident response functions

Specific Requirements

  • Direct Correlation with KSAs
  • Specific Deliverables

  • Notify designated managers and cybersecurity service provider team members of suspected security incidents and communicate the event history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
  • Notes

  • Technical Field Experience weighted greater than minimum education
  • Clearance – Q desired, L required
  • Must be able to work a hybrid weekly schedule both onsite (Amarillo, TX) and remote