Description:
Seeking an experienced Cybersecurity Incident Response Specialist to manage containment, remediation, and recovery of cyber incidents. Responsibilities include analyzing security architecture, developing cybersecurity designs, advising on system protection needs, and enhancing security posture. Expertise in Active Directory, cloud security, and cybersecurity principles required.

Roles and Responsibilities:
● Engage with affected entities of a cyber incident during the containment and remediation phases.
● Drive the incident remediation and recovery phase.
● Identify and prioritize critical business functions in collaboration with organizational stakeholders.
● Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
● Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements, to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
● Review and analyze system(s) and architecture(s) against cybersecurity architecture guidelines and best practices, and recommend security services and security mechanisms to increase the security posture.
● Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
● Develop cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data, primarily applicable to government organizations.
● Analyze how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
● Provide advice on design concepts or design changes.
● Determine the protection needs (i.e., security controls) for the information system(s) and network(s).
● Develop a plan to get the affected critical business functions online.
● Develop a strategy to increase the long-term security posture.
● Define a cyber compromise recovery plan and process to eradicate the threat actor and regain control of the environment.
● Develop and document remediation and recovery reports.
● Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
● Document the lessons learned from the incident.

Required Skills:
● Applying and incorporating information technologies into proposed solutions.
● Designing countermeasures to identify security risks.
● Designing the integration of hardware and software solutions.
● Determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes.
● Using virtual private network (VPN) devices and encryption.
● Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software) and computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).
● Designing multi-level security/cross-domain solutions.
● Using public-key infrastructure (PKI) encryption and digital signature capabilities in applications (e.g., S/MIME email, SSL traffic).
● Setting up physical or logical sub-networks that separate an internal local area network (LAN) from other untrusted networks.
● Applying cybersecurity and privacy principles to organizational requirements.
● Identifying cybersecurity and privacy issues that stem from connections with internal and external partner organizations.
● Implementation and recovery of Active Directory forests, including authentication services such as Active Directory Federation Services and Active Directory Certificate Services.
● Troubleshooting Active Directory (AD) Replication, Group Policy, and DFS Replication (DFSR); supporting complex multi-forest AD topologies; authoring and triaging Group Policies in large, regulated environments; and the ability to identify defects or misconfiguration in AD services.
● Understanding and troubleshooting Windows Server Operating System (OS) roles.
● Administering, backup/recovery, and troubleshooting of virtualization platforms, Exchange, SQL Servers, and Windows Servers.
● Microsoft Azure Infrastructure (IaaS) management and deployment: Virtual Machines, Storage, Networking.
● Troubleshooting hybrid identity, including Active Directory, Azure AD, and technologies such as Azure AD Connect and Azure AD Password Protection.
● Utilizing SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, and QRadar.
● Utilizing Microsoft Security solutions: endpoint security, cloud security, and identity.
● Security software deployment at scale, including troubleshooting and support for various identity platforms and solutions.
● Analyzing security telemetry in relation to alerts and incidents.