ECS is seeking a Cyber Defense Incident Responder – Junior to work in our Washington, DC office.

ECS Federal is a leading information security and information technology company in Fairfax, VA. We are looking to hire a Junior Cyber Defense Incident Responder to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. 

Position Responsibilities: 

• Develop content for cyber defense tools. 
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. 
• Coordinate with enterprise-wide cyber defense staff to validate network alerts. 
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. 
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. 
• Perform cyber defense trend analysis and reporting. 
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. 
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. 
• Identify and analyze anomalies in network traffic using metadata. 
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). 
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.

Salary Range: $75,000- $89,000
General Description of Benefits

• Strong written and verbal communication skills. 
• Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute). 
• Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). 
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). 
• Knowledge of incident response and handling methodologies. 
• Knowledge of front-end collection systems, including traffic collection, filtering, and selection. 
• Experience with system administration, network, and operating system hardening techniques. 
• Knowledge of cyber defense and information security policies, procedures, and regulations. 
• Knowledge of the common attack vectors on the network layer. 
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). 
• In-depth understanding of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). 
• Knowledge of various types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). 
• Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). 
• Knowledge of front-end collection systems, including traffic collection, filtering, and selection. 

Certifications/Licenses: 

• Bachelor’s degree or higher  
• 4+ years’ experience in Introductory information assurance, networks, sensor operations, network/data analysis, packet capture analysis, hunts methodologies, intelligence analysis 
• Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments 
• Active Secret clearance or eligible to obtain a Secret clearance