Booz Allen Hamilton INC. Cybersecurity Incident Response Analyst, Senior in Denver, Colorado
Job Description

Job Number: R0032617

Cybersecurity Incident Response Analyst, Senior

Key Role:

Serve as a technical lead and manager for commercial client tasks, including the assessment, design, and implementation of enterprise security prevention, detection, and response capabilities. Lead a diverse team of analysts in conducting event detection, incident triage, incident handling, and remediation. Handle major high-impact incidents, generate clear, concise recommendations, and coordinate activities and professional communications across a range of stakeholders. Work closely with client security teams to develop, tune, automate, and enhance network- and host-based security devices and support the incident response fly-away team with managing the response to client Cyber intrusions, including performing extensive network and host triage, maintaining strict chain-of-custody, developing documentation and reports, and performing remediation, as required. This position requires the ability to travel up to 80% of the time, o

Basic Qualifications:

- 5+ years of experience with incident management and response activities across the incident life cycle
- Experience with Microsoft Office Suite, including Word, Excel, and PowerPoint
- Knowledge of the security tools and techniques used by Cybersecurity teams
- Ability to work independently and handle multiple tasks concurrently
- Ability to manage and shape a team of high-performing analysts to overcome new challenges
- Ability to think of technical obstacles and challenges in the broader business context
- Ability to travel up to 80% of the time, often on short notice

Additional Qualifications:

- Experience with performing host and network forensics analysis, including using timestamps across different log types to develop authoritative timelines of activity to find evidence of malicious activity
- Experience with performing anomaly or malware hunts using a common framework and standard methodology, including the MITRE ATT&CK framework
- Experience with configuring and executing sweep parameters using tools, including GRR Rapid Response
- Experience with conducting digital memory acquisition using Volatility, Rekall, or similar tools and extracting malicious binaries for analysis
- Experience with setting up and using isolated machines or environments for malware detonation and indicator of compromise identification
- Experience with performing static code analysis, including dissecting suspicious subroutines in assembly
- Experience with common scripting languages, including using Perl or Python in the context of incident response and security operations
- Knowledge of the following security-related technologies: IDS/IPS, SIEM, firewalls, log management, HIDS/NIDS, proxies, endpoint detection and response, and other enterprise-level appliances
- Possession of excellent oral and written communication skills, including adapting style and messaging to communicate with professionals at all levels effectively
- BA or BS degree
- One or more of the following Certifications: GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified Network Intrusion Analyst

We're an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status, to fearlessly drive change.

We are proud of our diverse environment. EOE, M/F/Disability/Vet.