General Dynamics Information Technology Incident Response Team Lead in Durham, North Carolina
Clearance Level Must Currently Possess:
Clearance Level Must Be Able to Obtain:
No Active Clearance Required
No Suitability Required
GDIT is supporting EPA's Office of Environmental Information under the Infrastructure Support and Applications Hosting task order. The purpose of this contract is to develop and operate EPA's infrastructure and application platforms to be reliable, secure, and technologically advanced. The services obtained under this contract support the entirety of EPA at all geographic locations and numerous research facilities across the United States. The services consist of data center management, application hosting, application deployment/maintenance, geospatial service support, network security, cyber security, cloud computing, COOP support, and Enterprise Identity and Access Management (EIAM) and Active Directory (AD). The primary work location is in Research Triangle Park, NC.
We are currently seeking an Incident Response Team Lead to join our team supporting the Environmental Protection Agency’s (EPA) Computer Security Incident Response Capability (CSIRC).
The role will involve support of the Agency’s CSIRC, managing security incidents through the incident response life cycle, including network, forensic, and malware analysis. Normal tasks will include (but are not limited to): oversight of the Incident Response team; management of security incidents; interface with EPA and status and reporting; status and reporting to CSRA management.
The candidate for this position will perform the following (but not limited to) duties and tasks:
Research and integration of current vulnerabilities, threats, and security technologies into incident response operations
Management of complex security incidents through the incident response life cycle
Documentation of security incidents in Remedy and maintenance of incident artifacts
Detection and analysis of security incidents through the monitoring of security tools, such as Fortinet, ArcSight, BlueCoat SSA, Cisco AMP/FirePower/Threat Grid, and custom tools
Analysis of incident related data, such as packet captures, netflow, DNS history, and logs
Forensic analysis through use of both open source and enterprise computer forensic tools
Identification of malicious code and its static and dynamic analysis
Design and implementation of threat containment and eradication strategies
Development of incident response processes and procedures
Analysis of organization security posture and development of formal recommendations for control implementation or modification
Generation of after action reports, lessons learned documents, and threat papers for senior management
Training and mentoring to other incident response team members
Participation in an after-hours on-call rotation
The Candidate must have the following (but not limited to) qualifications and abilities:
At least five years of experience in a computer security incident response role
At least five years of enterprise Linux and Windows administration
At least two years of leadership experience
Excellent communications and interpersonal skills
Passion for information security and incident response
Practical experience with TCP/IP networking
Experience setting up a Security Operations Center
Experience with Active Directory and other enterprise credential stores
Experience with virtualization technologies such as VMware or VirtualBox
Experience with computer forensics and malware analysis
Critical thinking and problem-solving skills
Ability to quickly learn new technologies and respond to changing requirements and environment
Ability to work independently and in a cross-functional team
Ability to identify both tactical and strategic solutions to complex issues
BS or equivalent + 7 yrs related experience, or MS + 5 yrs related experience
CISSP or GIAC certification is desirable.
# of Openings:
Scheduled Weekly Hours:
Telecommuting Options:
Some Telecommuting Allowed
USA NC Durham - 79 TW Alexander Dr (NCS005)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
THINK NEXT. NOW.
CSRA is tomorrow’s thinking, today. To “Think Next. Now.” is to imagine a better future and to deliver it, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results.
We understand that our customers' missions require new methods and imaginative thinking. We bring together government IT professionals, emerging technologies, and the brightest, cutting-edge advisors in the industry to deliver a broad range of innovative, next-generation IT solutions and professional services to help our customers modernize their legacy systems, protect their networks and assets, and improve the effectiveness and efficiency of mission-critical functions for our warfighters and our citizens.
Everywhere you look, CSRA is there. We’re in our nation’s infrastructure, in training and education, in cyber security, in serving veterans who served us, and so much more. Take some time to learn more about CSRA. You might be surprised to learn how we touch your life.
We are a company of 18,000+ smart, talented individuals, yet we enjoy a start-up culture that inspires us to make a difference while delivering results in this rapidly evolving world. Join our team and use your skills and expertise to support the safety, security, health and well-being of the nation.