closed vacancyCybersecurity Incident Management Responder with CISSP (Senior, Remote)

Requirements &Skills

• Graduation from an accredited four-year college or university with major course work in business management, communications, computer science, information technology or a related discipline
• Four or more years of incident response experience in the industrial controls systems and a thorough understanding of the cybersecurity issues and challenges unique to the industrial controls systems to include performing cyber risk assessments
• Certifications: IAT Level 1 (A+, Network+, SSCP) and CISSP

Responsibilities

• Provide and coordinate with the incident response team personnel, situational awareness of the incident and the reporting of confirmed incidents
• Create, monitor and manage Industry Standard indicators of compromise, artifacts observed on a network or in an operating system that, with high confidence, indicates a computer intrusion
• Coordinate information sharing with appropriate external agencies including, but not limited to, the Department of Homeland Security, National Cybersecurity and Communications Integration Center (NCCIC), Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Federal Bureau of Investigation
• Facilitate the implementation of an intelligence information sharing environment compliant with DHS' specifications for Structured Threat Information eXpression (STIXTM) and Trusted Automated eXchange of Indicator Information (TAXIITM)
• Coordinate and monitor remediation actions performed by the Technology Department and communicate status to the Manager and the Technology Department
• When requested by Manager, develop cyber-centric materials (articles, bulletins, information papers, briefings, etc.) to support the agency's internal communications regarding situational awareness of cyber threats and risk posture
• Provide targeted monitoring and reporting of the agency identified active directory users with provisioned elevated network Active Directory privileges
• Provide compliance monitoring and reporting of regulated data types including, but not be limited to the Payment Card Industry (PCI), Protected Health Information (PHI), Industrial Control Systems (ICS) and Personally Identifiable Information (PII)
• Provide for the monitoring and resolution of risk events in the cloud environment (e.g., Microsoft Azure, Office 365, Amazon Web Services (AWS), Google Cloud, etc.)