Investigates, analyzes, and responds to cyber incidents within the network environment or enclave; correlates incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation; performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security; performs cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation; performs real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs); tracks and documents cyber defense incidents from initial detection through final resolution; coordinates with intelligence analysts to correlate threat assessment data; coordinate incident response functions.

Education: Bachelor’s Degree in Computer Information Systems or Information Technology, Cybersecurity or Information Assurance or equivalent work experience of 5 or more years.
Certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Windows Forensic Analysis (GCFE)