Tyto Athene, LLC

Incident Response Analyst

Location US-VA-Falls Church
ID 2025-1415
Category
Cybersecurity
Position Type
Full-Time

Description

Tyto Athene is searching for an Incident Response Analyst to support our law enforcement customer in Washington, DC.


Responsibilities:

The contractor shall provide cyber situational awareness and threat monitoring services. Monitoring, event detection, and reporting of threats are conducted for the DOJ’s enterprise networks and systems that operate at different classification levels (i.e., Controlled Unclassified Information). Monitoring and event detection are conducted using government-furnished capabilities. Provide User Activity Monitoring (UAM) support to improve, expand, operate, and maintain the products used to implement the Insider Threat Prevention and Detection Program. Services are needed to integrate new data sources, deploy triggers, and create customized functionality (such as visualizations, helpers, and exports) to support existing and future analytical processes and workflows.

  • The contractor shall analyze threats against the environment
  • The contractor shall develop and implement a metrics-based method of providing situational awareness
  • The contractor shall provide a minimum of two (2) security analysts on site 24x7 to meet the DHS TIC SOC requirements. Additional personnel will be required to meet the full requirements of this Call.
  • The contractor shall provide cyber situational awareness and monitoring of threat events
  • The contractor shall operate systems that support tracking, event monitoring, correlation, aggregation, and indexing of data from the Internet. The capability shall assist trend and pattern analysis, and visualization of existing/known and emerging/zero-day threats
  • The contractor shall assist organizations with their:
      ◦ Predictive analysis of data, supporting production of proactive recommendations and mitigations against various kinds of threats
      ◦ Understanding of and swift reaction to real-time and developing threats which manifest themselves in both the ‘real-world’ and virtual domains
      ◦ Correlation of internal and external data to discover the true nature of an organization, person or location’s threat profile
  • The contractor shall provide surge support (i.e. event monitoring and analyst augmentation), complex analysis, and training as required
  • The contractor shall create complex correlation rules and/or triggers in the Enterprise Security Incident Event Management (SIEM) system(s). These rules shall be based on correlations made from multiple log sources.
  • Contractor shall develop and maintain metrics for JSOC management that assist in the overall view of cyber security within the Department. Examples of metrics include: Type of incidents by components, both by US-CERT/NIST category and by type (e.g. Spear Phish, Watering Hole, Crimeware, etc.), User activity, Requests per component, Component time to respond
  • Contract staff shall run the Daily Indicator Report (see Cyber Threat Intelligence section) through JSOC tools to identify DOJ systems that are shown contacting IPs in the report or exhibiting indicators of compromise (IOCs) (i.e. registry keys, processes, file hashes, etc.)
  • Contractor staff shall develop and document change requests to improve the efficiency and effectiveness of DOJ capabilities to detect, analyze and report events and incidents. Change requests shall be documented and coordinated using JSOC procedures for documenting and approving changes to Standard Operating Procedures as well as related JSOC change request processes, procedures, and capability
  • Contractor staff shall use reviews of analysis of events and incidents, change request status, and reviews of operations, standard operating procedures, and problem reports to update risk management efforts and to prepare weekly reports and Program Management Review presentations and reports
  • Engage appropriate stakeholders (information owners, data governance teams, information security risk managers, etc.) in order to identify and determine a proper solution to protect sensitive DOJ information
  • Engage with product vendor technical and executive colleagues to help resolve trouble tickets for the DOJ
  • Have the proper reach back protocols with product vendor established for critical incident resolutions
  • Engage with product vendor product enhancement teams to ensure all DOJ requirements are being tracked and scheduled for implementation
  • Provide technical expert insights into the code of the vendor product agents, features and modules in order to better enhance the implementation at DOJ
  • Define, advance and drive implementation of UAM to support DOJ’s strategic direction
  • Participate in quality assurance activities supporting the UAM indicator/trigger creation process
  • Maintain documentation of any work within the UAM
  • Develop UAM training presentations for various audiences, including product specific material
  • Train business partners, new staff and other key stakeholders as needed
  • Generate UAM reports for incident resolution or investigative support
  • Analyze UAM event information for policy and scanning recommendations to support the overall success of the Program
  • Engage with IT Risk Management, Security Assurance, Security Operations, Data Protection and DLP Program teams to establish accurate reporting and metric requirements
  • Develop and provide status reports to various stakeholders concerning UAM projects or performance

Additionally, support is needed to monitor, maintain, and troubleshoot the existing platform to ensure consistent performance and stability. Support activities shall include but are not limited to the following:

  • Network
  • IT platform
  • IT service logs (from Operating System to Application layers)
  • DOJ and DOJ Security Incident reports
  • DOJ IT service and problem reports routed to JSOC
  • Host based security agents
  • Cloud Based Systems

Qualifications

Clearance: Secret Clearance required


Location: This position is fully remote

About Tyto Athene

Compensation:

  • Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

  • Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.


Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.
 
At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto? 
 
Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.
