Incident Handler

Alaka`ina Foundation

  • Honolulu, HI
  • Permanent
  • Full-time
  • 17 days ago
The Alaka`ina Foundation Family of Companies (FOCs) has a need for an Incident Handler to support our government customer located in Honolulu, HI.

DESCRIPTION OF RESPONSIBILITIES:
  • Conduct incident analysis and recommend mitigation measures in response to general or specific advanced persistent threat (APT) attempted exploits/attacks, malware delivery, etc., on Army networks.
  • Mitigations may include blocking/denying access to hostile websites or restricting access to specific ports/protocols and/or applications.
  • Make recommendations to the supported operations and maintenance organization to take necessary action where the CSSP does not administratively control the sensor grid.
  • Provide justification of internal defensive measures and/or operational impact (implied or accepted risk) to a configuration control board (CCB) and/or approving authority (AO), as required, for mitigation action (internal defensive measure) approval.
  • Monitor all sensors and agents managed by the organization for security event analysis and response; and maintain and update the triage database with current threat data and response methods in real-time with follow-up recurring within 72 hours of last response.
  • Respond to a detected event and perform triage, ensure proper handling of the associated trouble ticket (TT), and process events in accordance with appropriate TTPs.
  • Maintain an up-to-date point of contact (POC) list for LE/CI agencies as routinely provided by the major cybercrimes unit (MCU) and cyber counterintelligence agencies.
  • Provide support and expertise to include the provision of the required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE/CI official request or within Organizational TTPs (i.e., do not provide data or answers to anything not specifically requested by LE/CI).
  • Provide all initial cyber incident investigation reports to LE/CI.
  • Develop, staff, coordinate and execute cyber-incident response investigations for the operational environment (unclassified and classified). Investigations shall address each pre-determined category of cyber incident (IAW CJCSM 6510.01B) detected (internally or externally reported), and address priorities and types of internal defensive measures and potential mitigation strategies to be employed (acceptable level of risk).
  • Validate security event information for each cyber incident ticket which includes at a minimum event name, date, time, location, source IP address, destination IP address, source ports, and destination ports.
  • Identify and maintain visibility of all potential or confirmed cyber incidents and/or security issues IAW higher headquarters’ policies and procedures.
  • Obtain and maintain access to joint worldwide intelligence communications system (JWICS) and required systems and services to conduct cyber threat analysis support; respond to higher headquarters’ inquiries on cyber incident status or issues as appropriate or requested; and conduct quality control of cyber incidents to
  • Maintain compliance with CJCSM 6510.01B.
  • Provide and coordinate cyber incident trend analyses to identify systemic or potential issues on reported and confirmed cyber incidents.
  • Provide and brief cyber incident details IAW policies and procedures; and coordinate and synchronize incident handling (IH) actions or cyber incidents with LE/CI per the incident handling TTP.
  • Acquire any necessary data to determine scope of reported cyber incidents and ensure all investigation reports are auto forwarded to the designated ticketing solution, as required, with the most current action visible to higher headquarters’ incident handling portal/ticketing solution.
  • Other duties as assigned.
REQUIRED DEGREE/EDUCATION/CERTIFICATION:
  • A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, or must meet at least one of the following baseline certifications in lieu of education: CBROPS, FITSP-O, GISF, CCSP, CEH, Cloud+, GCED, PenTest+, or GSEC.
  • Must meet the following Computing Environment (CE) certifications within 6 months of hire:
  • CIO/G6 NETCOM IA MD-101 Managing Modern Desktops Skillport Course
  • MS 365 Modern Desktop Administrator Associate
  • Operating System Certifications: Training Certificate based on current market offerings.
  • Training IAW PWS Requirements: IA Awareness Training, as specified in AR 25-2; Antiterrorism Level I; iWATCH; Level I OPSEC; TARP Training; Theater Specific Training, if applicable
REQUIRED SKILLS AND EXPERIENCE:
  • Knowledge of, and a minimum of 2 years' experience in, Information Assurance Systems/Network Analysis.
  • Utilize advanced detection capabilities for Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), and Digital Forensic solutions.
  • Understand current infrastructure, routing of data throughout a network, and comprehend data set locations to perform timely analysis.
  • Lead other analysts in performing analytical investigations of discovered, self-reported, or tipped anomalous activities.
  • Facilitate reporting and situational awareness to other parent and co-organizations of ongoing efforts to support mission requirements.
  • Provide investigative assistance and reporting in collaboration with Law Enforcement and Counterintelligence agencies.
  • Brief various stakeholders of ongoing investigations and create professional written reports to technical and non-technical audiences as applicable.
  • Mentor analysts and update Incident Handling procedures, response guidelines, and playbooks based on findings and lessons learned.
  • Excellent oral and written communication skills and strong interpersonal skills.
  • Non-expired passport required to travel abroad, possibly once a year, to other countries as needed.
  • Must meet DoD 8140 for Cyber Defense Incident Responder (531).
REQUIRED CITIZENSHIP AND CLEARANCE:
  • Must be a U.S. Citizen.
  • Must have a TOP SECRET/SCI clearance OR a SECRET clearance with the ability to upgrade.
The Alaka`ina Foundation Family of Companies (FOCs) is a fast-growing government service provider. Employees enjoy competitive salaries. Eligible full-time employees enjoy a 401K plan with company match; medical, dental, disability, and life insurance coverage; tuition reimbursement; paid time off; and 11 paid holidays.

We are an Equal Opportunity/Affirmative Action Employer. We are proud to state that we do not discriminate in employment decisions on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. If you are a person with a disability and you need an accommodation during the application process, please request an accommodation. We E-Verify all employees.

The Alaka`ina Foundation Family of Companies (FOCs) is comprised of industry-recognized government service firms designated as Native Hawaiian Organization (NHO)-owned and 8(a) certified businesses. The Family of Companies (FOCs) includes Ke`aki Technologies, Laulima Government Solutions, Kūpono Government Services, Kāpili Services, Po`okela Solutions, Kīkaha Solutions, LLC, and Pololei Solutions, LLC. Alaka`ina Foundation activities principally benefit the youth of Hawaii through charitable efforts, which include providing innovative educational programs that combine leadership, science & technology, and environmental stewardship.

For additional information, please visit .