The Cyber Security Operations Center at Electric Boat is looking for highly motivated individuals to join our team. Cyber threat activity never sleeps and the Security Operations Center is looking for individuals who are actively aware and ready to respond to emerging threats. The Cyber Defense Incident Responder will monitor the network and investigate, analyze, and respond to cyber incidents within the network environment. The Cyber Defense Incident Responder position responsibilities include the following: Monitor and investigate network and system activity including, but not limited to; Intrusion Detection/Prevention Systems (IDS/IPS), firewalls alerts, web filter, reported emails, Antivirus, Security Information, and Event Management (SIEM), host based Endpoint Detection and Response tools for indication of compromise or attempted compromise. Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Coordinate and provide advanced support to enterprise-wide cyber defense team to resolve cyber defense incidents. Perform Threat Hunting based on shared intelligence, TTPs, and routine investigations. Perform static and dynamic malware analysis. Perform and support Insider Threat and Supplier Compromise investigations. Maintain Incident & Investigation Tracking systems and enter data based off day to day activity. Support End User training by assisting users who may fall victim to phishing or malicious attacks. Develop End User Cyber Security training to be used in concurrence with current education platform. Support Cyber Security Team with penetration tests, IT projects, and audits when necessary. Continually stay up-to-date on latest threats and vulnerabilities in order to anticipate and prevent security breaches. Required Qualifications: An A.S./B.S. degree in Cybersecurity OR a high school degree and 2+ years of equivalent experience in the following areas: Working knowledge of computer networking concepts and protocols, and network security methodologies. Working knowledge of system and application security threats and vulnerabilities. Working knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks. Working knowledge of Security Information Event Management and Endpoint Detection and Response Tools. Working knowledge of Operating System processes and process trees. Working knowledge of static and dynamic malware analysis. Writing knowledge of packet-level analysis. Internal Candidate must be from organizations outside of operations (Casciano/Gabriel) Preferred Qualifications: CompTIA Security+, Network+, A+, or other IT related certifications. Familiarity with Nessus (Tenable), IBM Qradar, Carbon Black, and Site Protector. Familiarity with cloud service models and cloud incident response methods. Familiarity with ethical hacking and penetration testing. Familiarity with intrusion detection methodologies and techniques for detecting host and network-based intrusions. Familiarity of system administration, network, and operating system hardening techniques. Skills & Abilities: The ability to read email headers and validate it was received from a legitimate source. The ability to parse system events and connect information between multiple systems. The ability to identify, capture, contain, and report on various types of malware. The ability to categorize types of vulnerabilities and associated attacks. The ability to work in a team environment or independent. Strong interpersonal skills. Proficient with multiple operating systems; to include Windows, Linux, iOS, Android. Proficient with basic scripting languages; preferably the ability to read and write PowerShell. Proficient with commercial off the shelf application installation and configuration.
