Tasks:• Oversee remediation and recovery engagements with affected entities.• Review and advise on defining and prioritizing of critical business functions of the affected entity, the proposed requirements and plans for backup, restoration and disaster recovery operations.• Review and advise on the proposed compromise recovery plan.• Review and advise on architecture reviews, identified gaps, and given recommendations.• Establish yourself as a thought leader in the field of compromise remediation and recovery by writing and publishing articles, speaking and conferences, mentoring and coaching, leading and participating in new projects, and developing new initiatives for the section.• Review and advise on proposed long-term security posture improvements.• Provide expert input to the services, processes, procedures related to remediation and recovery section.• Provide expert input in remediation and recovery section goals and initiatives.• Step in as the lead of incident of national significance:• Engage with affected entities of a cyber incident during the containment and remediation phases.• Drive the incident remediation and recovery phase.• Identify and prioritize critical business functions in collaboration with organizational stakeholders.• Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.• Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration.• Review and analyze system(s) and architecture(s) against cybersecurity architecture guidelines and best practices, recommend security services, and security mechanisms to increase the security posture.• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.• Develop cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations.• Analyze how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.• Provide advice on design concepts or design changes.• Determine the protection needs (i.e., security controls) for the information system(s) and network(s)• Develop a plan to get the affected critical business functions online.• Develop a strategy to increase the long-term security posture.• Define a cyber compromise recovery plan and process to eradicate the threat actor and regain control of the environment.• Develop and document remediation and recovery reports.• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.• Document the lessons learned from the incident.Skills in:• Applying and incorporating information technologies into proposed solutions.• Designing countermeasures to identified security risks.• Designing the integration of hardware and software solutions.• Determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes.• Using virtual private network (vpn) devices and encryption.• Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software) and computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).• Designing multi-level security/cross domain solutions.• Using public-key infrastructure (pki) encryption and digital signature capabilities into applications (e.g., s/mime email, ssl traffic).• Setting up physical or logical sub-networks that separate an internal local area network (lan) from other untrusted networks.• Applying cybersecurity and privacy principles to organizational requirements.• Identifying cybersecurity and privacy issues that stem from connections with internal and external partner organizations.• Implementation and recovery of active directory forests including authentication services such as active directory federation services and active directory certificate services.• Troubleshooting Active Directory Replication (AD), Group Policy, DFS Replication (DFSR), supporting complex multi-forest AD topologies, authoring and triaging Group Policies in large, regulated environments, ability to identify defects or misconfiguration in AD services• Understanding and Troubleshooting Windows Server Operating System (OS) Roles.• Administering, Backup/Recovery and Troubleshooting Virtualization Platforms, Exchange, SQL Servers, Windows Servers.• Microsoft Azure Infrastructure (IaaS) management and deployment: Virtual Machines, Storage, Networking.• Troubleshooting Hybrid Identity Including Active Directory, Azure AD and technologies such as Azure AD Connect, Azure AD Password Protection.• Utilizing SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, QRadar.• Utilizing Microsoft Security solutions – Endpoint security, cloud security, and identity.• Security Software Deployment at scale including troubleshooting and support for various identity platforms and solutions.• Analyzing security telemetry in relation to alerts and incidents.
