Cyber Incident Response Team - Tier 2 Shift Lead

This is a contingent position based upon customer approval.

SkyePoint Decisions is seeking an experienced Tier 2 Shift Lead for the Cyber Incident Response Team to support our customer's Federal Strategic Cyber Mission program.

This is not a remote position. This person will need the ability to work onsite in Beltsville, MD, Tuesday - Saturday, 2pm - 10pm.

Responsibilities:

• Detect, classify, process, track, and report on cyber security events and incidents.
• Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
• Characterize and analyze network traffic to identify anomalous activity and potential threats.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Perform forensic analysis of hosts artifacts, network traffic, and email content.
• Analyze malicious scripts and code to mitigate potential threats.
• Conduct malware analysis to generate IOCs to identify and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to events and incidents.
• Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
• Create tickets and initiate workflows as instructed in technical SOPs.
• Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
• Collaborate with other local, national and international CIRTs as directed.
• Submit alert tuning requests.

Additionally,as a Tier 2 Shift Lead you will:

• Review all Tier 2 shift tickets for accuracy and completeness
• Coordinate with CIRT Watch Officersand government leadership on remediation actions
• Provide technical and procedural improvement recommendations to CIRT leadership
• Assist withTier 2candidate technical interviewsasrequired
• Ensure coordinated remediation actions areoperatingproperly

Required Qualifications:

• Bachelor's degree and minimum of 11 years of relevant experience; or, Master's degree with minimum of 9 years; or PhD with 6 years.
• Must have an active Secret security clearance.
• Must possess, or obtain prior to start date, at least one of the following certifications. Continued certification is required as a condition of employment:
  
  
  
  • CASP+ CE, CCISO, CCNA Cyber Ops, CCNA Security, CCNP Security
  • CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP,CISSP-ISSEP, Cloud+, CySA+, GCED, GCIA, GCIH, GICSP, GSLC, SCYER.
  
  
  
  
• Demonstrated experience across the incident response lifecycle.
• Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel).
• Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).
• Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike).
• Knowledge of cloud security monitoring and incident response.
• Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors.
• Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs).
• Knowledge of malware analysis techniques.
• Familiarity with MITRE ATT&CK and D3FEND frameworks.
• U.S. Citizenship required.

Preferred Qualifications:

• Proficiencywith Splunk for security monitoring, alert creation, and threat hunting.
• Experience usingMicrosoft Azure access and identity management.
• ProficiencyinMicrosoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
• Experience using digital forensics collection and analysis tools (e.g.Autopsy,AxiomMagnetForensics, Zimmerman-Tools, KAPE,CyLR, Volatility).
• Experience using ServiceNow SOAR for ticketing and automated response.
• Experience usingPython,PowerShelland BASH scripting languages.
• Proficiency in cloud security monitoring and incident response.
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
• Experience with integrating cyber threat intelligence and IOC-based hunting.
• Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
• Advanced technical certifications such as:SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.

Compensation:

Salary Range: $140,000 - $160,000

The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package.

Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate's combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.

In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST/LT Disability, Life Insurance, and 401k matched.