Tier I Incident Handler

SMX is actively seeking a Tier I Incident Handler for a full-time, on-site position at Ft. Belvoir, focusing solely on cybersecurity deliverables within GISA. As a Tier I Incident Handler, you will monitor and analyze data from various cyber defense tools and end-user reports to prioritize and triage alerts, determining if a cybersecurity incident or event is occurring within the environment.

Essential Duties & Responsibilities

• Monitor data collected from a variety of cyber defense tools and end-user reports to prioritize and triage alerts, determining whether a cybersecurity incident or event is occurring.
• Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
• Identify applications and operating systems of network devices based on network traffic.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Document and escalate incidents (including event history, status, and potential impact) for further action.
• Perform cyber defense trend analysis and reporting.
• Provide summary reports of network events and activity relevant to cyber defense practices as required.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, distinguishing these from benign activities.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents, articulating event history, status, and potential impact for further action per the organization’s cyber incident response plan.
• Develop content for cyber defense tools.
• Analyze and report organizational and system security posture trends.
• Assess access controls based on principles of least privilege and need-to-know.
• Plan and recommend modifications or adjustments based on exercise results or system environment.
• Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Work with stakeholders to resolve computer security incidents and ensure vulnerability compliance.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Required Skills, Experience & Education

• Must hold and maintain an active U.S. Government Top Secret security clearance with eligibility for SCI and NATO read-on. Willingness to complete a CI Polygraph examination.
• Must sign a Non-Disclosure Agreement and comply with Army Regulation (AR) 381-10, U.S. Army Intelligence Activities, USSID 1800, and other U.S. Government security regulations.
• Bachelor’s degree in Cybersecurity or a related field, or 4 years of documented work experience conducting Cybersecurity related tasks.
• Hold and maintain one or more of the DoD Approved 8570 Baseline Certifications in the CSSP/CND Analyst category.
• Minimum of 3 years of experience as a Tier I incident handler at an enterprise level.
• Familiarity with relevant U.S. Government, U.S. Department of Defense, U.S. Intelligence Community, and U.S. Army Cybersecurity regulations and compliance standards.

Desired Skills, Experience

Desired Skills:

• In addition to required certifications, hold a CISSP, CISM, or similar.
• Experience working in a DoD or similar government environment.
• Familiarity with compliance standards such as NIST, FISMA, or ISO 27001.

Desired Experience:

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work independently and in a team environment.
• Strong attention to detail and organizational skills.
• Ability to manage multiple priorities and tasks in a fast-paced environment.

#LI-Onsite

 #CJPOST