Job Details
- Protect enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team.
- Proactively hunt for cyber threats and enact identification, containment and eradication measures while supporting recovery efforts.
- Analyze alerts and data from LLNL intrusion detection systems.
- Provide security monitoring and incident response support including troubleshooting and resolution of issues.
- Create and manage processes, systems, and tools exercising a high degree of responsibility.
- Serve as an incident response technical point of contact and interact with internal and external personnel.
- Perform technical assessments, document actions and findings, and make remediation recommendations.
- Promote and support plans that advance diversity, equity and inclusion within the program.
- Perform other duties as assigned.
Additional Job Responsibilities at the SES.3 Level
- Manage multiple complex parallel tasks and priorities of customers and stakeholders, ensuring deadlines are met, while leveraging team member skills.
- Develop advanced methods, tools, and procedures to improve incident response capabilities and automate various complex tasks.
- Mentor and provide technical guidance to team members in incident response best practices and procedures.
Qualifications
- Ability to secure and maintain a U.S. DOE Q-level security clearance which requires U.S. citizenship.
- Bachelor's degree in Computer Science, Computer Engineering or related field, or the equivalent combination of education and related experience.
- Broad experience with SIEM, log aggregation, packet analysis, or other cybersecurity tools.
- Experience conducting host forensics, network forensics, log analysis, or malware analysis in support of incident response investigations.
- Proficient written and verbal communication, strong interpersonal skills, ability to collaborate in a multi-disciplinary team environment and to interact with all levels of management and staff.
- Ability to effectively manage concurrent technical tasks with conflicting priorities, to approach difficult problems with enthusiasm and creativity and to change focus when necessary, with experience working independently.
- Ability to work off-hours and on-call to respond to incidents (intermittently, either as-needed or as part of a rotation).
Additional Qualifications at the SES.3 Level
- Significant knowledge of SIEM solutions, threat hunting, incident response, or incident management.
- Significant experience with log analysis, event correlation, or incident management procedures.
- Advanced ability to provide innovative approaches and apply new technologies to tasks and projects that may not be well defined.
Qualifications We Desire
- Master's degree in Computer Science, Computer Engineering, or a related field, or equivalent level of knowledge.
- Significant incident response experience, including experience with cloud services such as AWS/Azure, and experience leading teams.
- Experience with programming or scripting languages such as C, C#, Python, Java, PowerShell and PHP.
- Current industry specific certifications including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Global Information Assurance Certification (GIAC).
Skills: incident response, security, management, advanced, computer engineering, computer science, forensics, cyber, log analysis, C#, Python