ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private- and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Lead Incident Response Engineer who has experience performing security incident response planning, preparation, execution, and reporting. The candidate for this position will develop, maintain, and execute an Incident Response (IR) Playbook adhering to NIST SP 800-61 and SP 800-137 guidelines. Incident reporting will align with SecOps and SDM reporting mechanisms. Post-incident activity will focus on distilling lessons learned into actionable improvements across Security Operations Center (SOC) technologies and processes, in coordination with the agency CSIRT.
The Lead IR Engineer will have oversight of the IR team and final responsibility for the quality of the SOC team’s incident investigation technical work and for support of the organization’s IR process. The candidate is also responsible for providing support to the Agency’s IAS team at every step of the Incident Response process. This is a unique opportunity to shape the growth, development, and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
- Work with the IAS Manager and SOC Lead in setting up and preparing the incident response process and procedures
- Oversee and participate in detection and analysis of suspicious/anomalous activity or attacks
- Oversee and participate in forensic analysis of attacks or data breaches to identify the extent of activity, targeted assets, methods used, etc.
- Lead incident containment and eradication activities, and post-incident activities, including reporting and lessons learned
- Responsible for communication with management, the Agency, and US-CERT regarding incidents
- Ensure SOC tools required for detection and analysis of suspicious or unauthorized activities are functioning and have the latest software updates
- As required, monitor SOC tools used for detection and analysis of suspicious or unauthorized activities to ensure they are functioning and have the latest software updates
- Work closely with the IAS Manager and SOC Lead on incident response process preparation and execution activities
Required Skills and Experience
- Experience working in security incident detection, analysis, containment, and response activities in an enterprise environment
- Familiarity with common attack vectors and methods for detecting activity associated with each vector
- Proven skills and experience with digital forensics and security detection tools and their output, such as IDS/IPS, SIEMs, antivirus/antispam software, and file integrity checking software
- Experience working with Windows, Linux, and macOS, their service and application logs, network device logs, and basic Internet protocols, including TCP/IP
- Experience creating automated log correlations in Splunk, ELK, or an equivalent tool to identify anomalous and potentially malicious behavior
- Excellent written and verbal communication skills
Years of Experience Requirement
- 8 years desired, but not required, depending on work history
- BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline or 8+ years in a technical management role
- Desired certifications include: Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Examiner (GCFE), or GIAC Certified Forensic Analyst (GCFA)
- Location: Crystal City, with transition to the Herndon/Reston area
- U.S. citizenship with the ability to obtain a Secret clearance