Job Title: Senior Cyber Incident Responder

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: TS/SCI

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Local

The Opportunity:The candidate shall provide Incident Response within a 24/7/365 SOC. The candidate will be responsible for coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. This includes malware analysis, forensic artifact handling and analysis. In addition, while not in a period of incident response, the role requires participation in continuous exercises and dry runs to improve overall process improvement.

Responsibilities:

• Coordinate and execute tasks, performing analysis, and building/documenting response activities required during cyber security incident response, to include but not limited to actions such as implementing containment measures, IP blocks, domain blocks, and disabling user accounts on direction of the Government.

• Coordinates with other stakeholders as appropriate to ensure incidents are properly reported, contained, and eradicated.

• Coordinates with other contracts, organizations, activities, and services to ensure NGA recovers from an incident/event.

• Builds timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.

• Documents actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.

• Serve as C-IRT members as required and serve under the direct control of, and take direction from, the Government C-IRT Commander.

• Develops, documents, and provides to the Government incident investigation reports which include sufficient information to document the entire lifecycle of the incident and the response, including but not limited to adversary and friendly forces activity, host and network analysis, timelines, and recommendations for corrective actions, recommendations for new Tactics, Techniques, and Procedures (TTP) and other recommendations as appropriate, within 30 days of C-IRT stand-down;

• Conduct Quality Control reviews of tickets worked by more junior analysts to ensure proper analysis, categorization, documentation, and notification.

Qualifications: Required:

• Candidate must have a TS/SCI with ability to obtain a Polygraph

• Demonstrated experience serving in an incident response role, or similar, for a minimum of 4 years.

• Sufficient knowledge of complex enterprise cybersecurity systems and technologies with the ability to interpret network and web architecture documentation.

• Demonstrated experience providing briefings to an executive audience.

• Certified DoD 8140.01 and 8570.01-M Information Assurance Technical Officer (IAT) Level III

• Certified DoD 8140.01 and 8570.01-M CSSP Incident Responder

• Excellent verbal and writing skills with the ability to write clear and concise assessment reports.

• Good understanding of adversarial tactics and techniques as it applies to defensive cyber operations.

• Strong understanding of both network and host-based tactics.

• Good understanding of web application exploitation techniques.

• Strong understanding of the attack lifecycle.

• Good understanding of defense evasion techniques.

• Bachelor’s degree, or higher, in Computer Science, Cyber Security Engineering or IT-related discipline. With an additional 8 years of experience in the cybersecurity field. Additional years of experience may be substituted in lieu of degree.

Desired:

• Demonstrated 6 or more years of experience supporting an IC or DoD agency with an understanding of Defensive Cyber Operations in cloud environments, including hybrid multi-cloud environments.

• Proficient in vendor agnostic cloud security concepts

• Strong understanding with the Intelligence Lifecycle and how it applies to Cyber Threat Intelligence reporting.

What You Can Expect:

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is:

$103,800 - $218,100

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.