Cyber Engineer / Detection Incident Handler

Cyber Engineer / Detection Incident Handler

Location: Dulles, VA

Must have an active Secret Clearance

Node is supporting a U.S. Government customer on a large mission-critical development and sustainment program to design, build, deliver, and operate a network operations environment; including introducing new cyber capabilities to address emerging threats.

Node is seeking a Detection Incident Handler / Cyber Engineer

The Tier 3 Detection Incident Handler will handle escalations from Tier 1 and Tier 2 analysts working to analyze, contain, and eradicate potential cyber threats to the organization. This role is responsible for coordinating and leading security incidents, as well as facilitating cross-team post-incident reviews and reports. This includes analyzing and dissecting techniques utilized by threat actors, understanding where best detection opportunities lie, identifying potential monitoring gaps, and configuring detections to defend the organization. The role will also have the opportunity to work in and help mature other areas such as threat hunting and automation.

Must have experience with detection and prevention tools and services including packet captures, IDS/IPS, SIEM, EDR solutions, native cloud logs and security compliance and incident response applications/services.

Responsibilities Include:• Senior-level opportunity for someone very experienced with Security Operations Centers (SOCs), Incident Management, Detection Engineering and Threat Hunting• Participates in the development, maintenance, and testing of security alerts covering a wide range of operating systems, services, and applications• Analyze, triage and lead security incidents• Develop and present performance reports and metrics• Provide a technical resource and escalation point for Tier 1 and Tier 2 analysts• Performs activities including planning, providing technical leadership, and tracking projects and key task dates• Uses security monitoring tools to investigate, respond to, and recommend appropriate corrective actions for data security incidents• Produce high-quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to senior management• Develops and assists in the maintenance of standard operating procedures to ensure security is in compliance with policies and standards

Requirements

Required Skills:• U.S. Citizenship• Active Secret clearance. Must be able to obtain a TS/SCI clearance• Must be able to obtain DHS Suitability• 8 years of experience engineering, operating, or managing layered security and SIEM integration for on-premise or cloud/private cloud environments.• 2+ years of Tier 3 incident handler experience in cloud and/or on-premise environment• Minimum 2 years of professional experience working with AWS or Azure infrastructure, services in a security-focused role.• Advanced knowledge of AWS & Azure architectural concepts and guardrails.• Experience engineering, operating, and managing layered security and SIEM integration• Demonstrated experience handling incidents across multiple operating systems• Excellent written and oral communication skills

Desired Skills:• Information Security and IT certifications: Cisco, Red Hat, AWS, etc.• Experience administering cyber security tools such as Firewalls, SIEM, and PCAP• Virtualization technologies, e.g. VMWare, HyperV, etc.• Scripting in Python or Perl• Experience operating AWS Guard Duty, AWS Watchdog, Azure Defender and Azure Sentinel.• Solid understanding of the different file structures, computer architecture, and operating system functions, sufficient to administer and troubleshoot Windows and *nix systems. Candidate must be prepared to demonstrate that they understand common indicators of compromise and where to find evidence of compromise (example: abnormal process, files, network connections, abnormal log entries, etc.) as part of an in-depth collaborative investigation process.Required Education- A bachelor’s degree in systems engineering, a related specialized area or field. Two years of related work experience may be substituted for each year of degree level education.

Desired Certifications:

• DoDI 8570.01-M IAT Level II Technical Certification (Security+ CE, CCNA + Security, SSCP, CYSA) or equivalent AND an Incident Reporter Certification (CEH, GCIH, GCIA, GNFA, or comparable certification)

Company Overview:

Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.

Our Core Values help us in our mission. They include:

OUR CORE VALUES

*Identifying the~RIGHT PEOPLE~and developing them to their full capabilities*

*Our customer’s “Mission” is our “Mission”. Our~MISSION FIRST~approach is designed to keep our customers fully engaged while becoming their trusted partner*

*We believe in~SIMPLIFYING~complex problems with a relentless focus on agile delivery excellence*

*Our mantra is “~Simple*Secure*Speed~” in delivery of innovative services and solutions*

Benefits

• Medical (100% Coverage for Employee)
• Dental
• Vision
• Basic Life (100% Coverage for Employee)
• Health Saving Account
• 401K
• Three weeks of PTO
• 10 Paid Holidays
• Pre-Approved Online Training