SANS ISC: InfoSec Jobs

This listing has expired and therefore is not publicly viewable.

Cyber Security Incident Response Manager
Company Sierra Nevada Corporation
Location Sparks, NV
Preferred GIAC Certifications GCTI, GCIH, GNFA, GCIA
Travel 10%
Salary Not provided
URL https://www.sncorp.com/careers/open-positions/position-details/R0008477
Contact Name Anonymous
Contact Email austin.smith/at/sncorp.com
Expires 2019-12-10

Job Description

The Cyber Security Incident Response Manager contributes to the success of our mission by coordinating and directing defensive Cybersecurity operations during critical and high tempo operations, in accordance with established policies and best practices. This position will work closely with the Security Operations Director to execute strategic vision for the team and assist in maturing a proactive threat hunting based active defense program.

EDUCATION, EXPERIENCE AND SKILLS REQUIRED:

BA or BS degree or 5 years of experience as a senior-level Security Engineer, Network Engineer or System administrator
Ability to manage and triage multiple security events, differentiating urgent issues from the merely important
Prior experience with the US Department of Defense or US Intelligence Community
Knowledge of incident response processes OR Cyber-attack exploitation techniques OR threat intelligence reporting
Proven experience leading and responding to complex incidents
Broad knowledge of the tactics and techniques of advanced threat actors and computer criminals
Excellent social, verbal, and written communication skills, with demonstrated ability to present analytical data to a variety of technical and non-technical audiences
Experience with 3 or more of the following:
Incident response processes
Automated intrusion detection capabilities and analysis techniques
Malware analysis and classification
Cyber-attack types and exploitation techniques
Cyber-attack modeling
Threat intelligence reporting and analysis
Incident reporting and sharing requirements
Computer forensics
PREFERRED EXPERIENCE:

Prior experience with the US Department of Defense and intelligence community
Programming or scripting experience
Experience with 3 or more of the following:
Incident response processes, automated intrusion detection capabilities and analysis techniques, malware analysis and classifications, Cyber-attack types and exploitation techniques, Cyber-attack modeling, threat intelligence reporting and analysis, or incident reporting and sharing requirements.
GIAC Cyber Threat Intelligence (GCTI)
GIAC Certified Incident Handler (GCIH)
GIAC Network Forensic Analyst (GNFA)
GIAC Certified Intrusion Analyst (GCIA)
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Experience leading a remote/virtual team
PRIMARY RESPONSIBILITIES:

Manage a dispersed group of threat hunters and incident responders to rapidly detect anomalous behavior and defend computer networks and information systems from insider threats, advanced criminals, and nation state attackers
Coordinate the flow of information between cross functional teams to ensure incidents are properly tracked, escalated, and reported
Review and analyze data from a variety of Cyber defense tools, including network traffic logs, Intrusion Detection or Prevention System alerts, firewall or system logs, and open source information to identify threat activity and recommend appropriate countermeasures and mitigations
Report intrusion attempts, compromises, and malicious actor activities to management
Proactively analyze, organize and develop new intelligence on advanced threats
Develop, analyze, and disseminate information on threat actors
Coordinate computer network incident response from detection through remediation
Identify and mitigate general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
Identify system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, and malicious code)
Actively train, coach, and develop the team
IMPORTANT:

This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. citizenship is required, as this position needs to obtain a U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Defense Industrial Security Clearance Office (DISCO), an agency of the Department of Defense, handles and adjudicates the security clearance process. Security clearance factors include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations, and drug involvement.

COMPLIANCE RESPONSIBILITIES:

Responsible for thoughtful adherence to all SNC Policies, Procedures, and Compliance regulations (internal and external)
Responsible for timely execution of all personnel-related activities such as Time Sheet completion, Performance Evaluations, Salary Reviews, Succession Planning, etc.
Responsible for leadership oversight and for ensuring Department/Team training