Cyber Incident Responder (LEAD) - SOC - TS/SCI with Polygraph

Public Trust: None

Requisition Type: Regular

Your Impact

Own your opportunity to serve as a critical component of our nation’s safety and security. Make an impact by using your expertise to protect our country from threats.

Job Description

Own your career as a Cyber Incident Responder at GDIT. Here, you’ll have the opportunity to build strong lines of cyber defense using cutting-edge technologies. Your work in cyber security at GDIT will have an impact on securing our clients’ missions and ensuring we anticipate the threats of tomorrow.

At GDIT, people are our differentiator. As a Cyber Incident Responder you will help ensure today is safe and tomorrow is smarter.

HOW A CYBER INCIDENT RESPONDER WILL MAKE AN IMPACT

• We’re seeking an experienced and vigilant cybersecurity specialist who can proactively prevent breaches of all sizes, understand when they occur, and take immediate steps to remediate them.

• The ideal candidate understands cybersecurity standards and certifications, extensive knowledge of how cybercriminals work, and determination to never allow them access.

• Identify potential cyber threats, determine levels of risk, and produce analytical reports for a variety of audiences. You will occasionally be required to present your findings in front of senior executives, so the ability to translate technical indicators into layperson’s terms is vital.

• When serious threats are identified, you will work closely with other areas of the security team to identify appropriate solutions.

• You must be passionate about technology, and able to learn the ropes of new security solutions rapidly.

• Forensic analysis of digital information, Open-Source Intel (OSINT) review/monitoring, available tools both customer provided and open source, and pivoting/researching on previously reported Indicators of Compromise (IOCs).

• Participate in collaborative sessions with other CNDSPs and IC agencies on malicious intrusions, attacks or suspicious activities, as well as share emerging Cyber Threat Intel data. 

• Assist in the development of IOCs for active defensive countermeasures and passive detection signatures.

WHAT YOU’LL NEED TO SUCCEED:

• Bachelor's Degree and 8+ years of relevant experience, equivalent combinations of education, certifications, and experience will be considered. 

• DoD Approved Baseline 8570 IAT II (Sec+, CySA+, CND, SSCP, etc.) certification required prior to start date

• DoD Approved Baseline 8570 CSSP Incident Responder (CEH, CySA, GCIH, PenTest+, etc.) certification required prior to start date

• GIAC Continuous Monitoring (GMON) or equivalent (other GIAC certs, CSA, ECIH, any cert under 8570 CSSP Incident Responder) certification required within first 120 days of employment

• Splunk Core User certification required within first 120 days of employment

• Security Clearance Level: TS/SCI clearance and ability to obtain and maintain a Polygraph

REQUIRED SKILLS AND ABILITIES:

• Must have common knowledge of standard network infrastructure.

• Other items that would be good to know include: domain masquerading, certificates, and file hashing.

• Familiar with monitoring emerging threats through Tools, Techniques, and Procedures (TTPs) and how they relate to the MITRE ATT&CK framework

• Good written communications skills are necessary in order to properly document and report the identification and sharing of newly identified IOCs.

• Day, Swing, or Mid Shift position available: Willing to work a weekend or holiday supporting your assigned shift.

Location: On Customer Site

• Bolling AFB, Washington D.C.

• Reston, VA

• Colorado Springs, CO

GDIT IS YOUR PLACE:

• 401K with company match

• Comprehensive health and wellness packages

• Internal mobility team dedicated to helping you own your career

• Professional growth opportunities including paid education and certifications

• Cutting-edge technology you can learn from

Work Requirements

Years of Experience

8 + years of related experience

* may vary based on technical training, certification(s), or degree

Certification

Security+, CE - Comptia Security+ - Comptia Security+

Travel Required

Less than 10%

Citizenship

U.S. Citizenship Required