Description:
Seeking an experienced Cybersecurity Incident Response Specialist to manage containment, remediation, and
recovery of cyber incidents. Responsibilities include analyzing security architecture, developing cybersecurity
designs, advising on system protection needs, and enhancing security posture. Expertise in Active Directory, cloud
security, and cybersecurity principles required.
Roles and Responsibilities:
● Engage with affected entities of a cyber incident during the containment and remediation phases.
● Drive the incident remediation and recovery phase.
● Identify and prioritize critical business functions in collaboration with organizational stakeholders.
● Define and prioritize essential system capabilities or business functions required for partial or full system
restoration after a catastrophic failure event.
● Define appropriate levels of system availability based on critical system functions and ensure that system
requirements identify appropriate disaster recovery and continuity of operations requirements to include
any appropriate fail-over/alternate site requirements, backup requirements, and material supportability
requirements for system recovery/restoration.
● Review and analyze system(s) and architecture(s) against cybersecurity architecture guidelines and best
practices, and recommend security services and security mechanisms that increase the security posture.
● Perform security reviews, identify gaps in security architecture, and develop a security risk management
plan.
● Develop cybersecurity designs for systems and networks with multilevel security requirements or
requirements for the processing of multiple classification levels of data primarily applicable to government
organizations.
● Analyze how the implementation of a new system or new interfaces between systems impacts the security
posture of the current environment.
● Provide advice on design concepts or design changes.
● Determine the protection needs (i.e., security controls) for the information system(s) and network(s).
● Develop a plan to get the affected critical business functions online.
● Develop a strategy to increase the long-term security posture.
● Define a cyber compromise recovery plan and process to eradicate the threat actor and regain control of
the environment.
● Develop and document remediation and recovery reports.
● Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
● Document the lessons learned from the incident.
Required Skills:
● Applying and incorporating information technologies into proposed solutions.
● Designing countermeasures to identified security risks.
● Designing the integration of hardware and software solutions.
● Determining how a security system should work and how changes in conditions, operations, or the
environment will affect these outcomes.
● Using virtual private network (VPN) devices and encryption.
● Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus
software) and computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).
● Designing multi-level security/cross-domain solutions.
● Using public-key infrastructure (PKI) encryption and digital signature capabilities in applications (e.g.,
S/MIME email, SSL/TLS traffic).
● Setting up physical or logical sub-networks that separate an internal local area network (LAN) from other
untrusted networks.
● Applying cybersecurity and privacy principles to organizational requirements.
● Identifying cybersecurity and privacy issues that stem from connections with internal and external partner
organizations.
● Implementation and recovery of Active Directory forests, including authentication services such as Active
Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS).
● Troubleshooting Active Directory (AD) replication, Group Policy, and DFS Replication (DFSR); supporting
complex multi-forest AD topologies; authoring and triaging Group Policies in large, regulated
environments; and identifying defects or misconfigurations in AD services.
● Understanding and troubleshooting Windows Server operating system (OS) roles.
● Administering, backing up/recovering, and troubleshooting virtualization platforms, Exchange, SQL Server,
and Windows Server.
● Microsoft Azure Infrastructure (IaaS) management and deployment: Virtual Machines, Storage, Networking.
● Troubleshooting hybrid identity, including Active Directory, Azure AD, and technologies such as Azure AD
Connect and Azure AD Password Protection.
● Utilizing SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, and QRadar.
● Utilizing Microsoft Security solutions for endpoint security, cloud security, and identity.
● Security software deployment at scale, including troubleshooting and support for various identity
platforms and solutions.
● Analyzing security telemetry in relation to alerts and incidents.