Booz Allen Hamilton Cybersecurity Incident Response Analyst, Senior in El Segundo, California


Date Posted: 4/11/2018


Job Snapshot

  • Employee Type: Full-Time

  • Location: El Segundo, CA

  • Job Type: Strategy - Planning

  • Experience: Not Specified

  • Date Posted: 4/11/2018

About Us

At Booz Allen, we harness our collective ingenuity to solve our clients' toughest management and technology problems. We work with governments, Fortune 500 corporations, and not-for-profits around the globe, in industries ranging from defense to health, energy to international development. We believe there is no product, code, or strategy that can create progress; only people can. That's why for more than 100 years we've empowered our team: over 24,000 dreamers, drivers, and doers who work together to change the world.

Job Description

Job Number: R0025489

Cybersecurity Incident Response Analyst, Senior

Key Role:

Serve as technical lead and manager for commercial client tasks, including the assessment, design, and implementation of enterprise security prevention, detection, and response capabilities. Lead a diverse team of analysts in event detection, incident triage, incident handling, and remediation. Handle major, high-impact incidents, generate clear, concise recommendations, and coordinate activities and professional communications across a range of stakeholders. Work closely with client security teams to develop, tune, automate, and enhance network- and host-based security devices, and support the incident response fly-away team in managing the response to client cyber intrusions, including performing extensive network and host triage, maintaining strict chain of custody, developing documentation and reports, and performing remediation as required. This position requires the ability to travel up to 80% of the time, often on short notice.

Basic Qualifications:

- 5+ years of experience with incident management and response activities across the incident life cycle

- Experience with the Microsoft Office Suite, including Word, Excel, and PowerPoint

- Knowledge of the security tools and techniques used by cybersecurity teams

- Ability to work independently and handle multiple tasks concurrently

- Ability to manage and mold a team of high-performing analysts to overcome new challenges

- Ability to place technical obstacles and challenges in the broader business context

- Ability to travel up to 80% of the time, often on short notice

- BA or BS degree

Additional Qualifications:

- Experience with performing host and network forensic analysis, including correlating timestamps across different log types to build authoritative timelines of activity and find evidence of malicious behavior

- Experience with performing anomaly or malware hunts using a common framework and standard methodology, including the MITRE ATT&CK framework

- Experience with configuring and executing sweep parameters using tools such as GRR Rapid Response

- Experience with memory acquisition and analysis using Volatility, Rekall, or similar tools, and with extracting malicious binaries from memory for analysis

- Experience with setting up and using isolated machines or environments for malware detonation and indicator-of-compromise identification

- Experience with performing static code analysis, including dissecting suspicious subroutines in assembly

- Experience with common scripting languages, including using Perl or Python in the context of incident response and security operations

- Knowledge of the following security-related technologies: IDS/IPS, SIEM, firewalls, log management, HIDS/NIDS, proxies, endpoint detection and response, and other enterprise-level appliances

- Excellent oral and written communication skills, including adapting style and messaging to communicate effectively with professionals at all levels

- One or more of the following certifications: GIAC Certified Incident Analyst (GCIA), Certified Computer Security Incident Handler (CSIH), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), CREST Certified Incident Manager, or CREST Certified Network Intrusion Analyst
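The first qualification above, building one authoritative timeline from logs that record time in different formats, is the step where most cross-source forensic work goes wrong: syslog omits the year and the time zone, web-server logs carry their own UTC offset, Windows exports use ISO-8601, and Zeek uses epoch seconds. The script below is an added example written for this page, not Booz Allen's or any client's tooling; the four log lines are constructed, the syslog host is assumed to sit in UTC-5 in 2018, and the Windows CSV layout (timestamp, event ID, host, message) is an assumed export format. Every source is converted to UTC before sorting, and lines whose zone cannot be determined are dropped rather than guessed at.

```python
"""Normalize timestamps from several log types into one UTC timeline.

Added example for this page (not Booz Allen's or any client's code).
Assumptions, marked in comments: syslog lines carry no year or zone, so
the caller supplies both; Windows events arrive as a CSV export whose
first field is an ISO-8601 'Z' timestamp.
"""
import re
from datetime import datetime, timezone, timedelta

# Constructed sample lines for the example; not real telemetry.
SAMPLE_LOGS = [
    # Classic syslog: no year, no zone (host assumed to be in UTC-5 below)
    ("syslog", "Mar 14 02:17:45 web01 sshd[2241]: Accepted password for svc_backup from 10.0.5.23 port 51022 ssh2"),
    # Apache combined log: the UTC offset is explicit in the timestamp
    ("apache", '10.0.5.23 - - [14/Mar/2018:07:15:02 +0000] "GET /admin/upload.php HTTP/1.1" 200 512'),
    # Windows Security event exported as CSV (assumed layout): ISO-8601 UTC
    ("winevt", "2018-03-14T07:19:10Z,4688,DC01,New process created: C:\\Windows\\Temp\\svchost.exe"),
    # Zeek conn.log: epoch seconds with fraction, always UTC
    ("zeek", "1521011860.451\tCk3Qx1\t10.0.5.23\t51022\t10.0.1.7\t22\ttcp"),
]

SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<rest>.*)$")
APACHE_RE = re.compile(r"\[(?P<ts>\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] (?P<rest>.*)$")


def parse_syslog(line, year, host_tz):
    """Syslog omits year and zone: both are supplied by the analyst, then converted to UTC."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return local.replace(tzinfo=host_tz).astimezone(timezone.utc), m["rest"]


def parse_apache(line):
    """Apache timestamps carry their own offset; %z reads it directly."""
    m = APACHE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts.astimezone(timezone.utc), m["rest"]


def parse_winevt(line):
    """ISO-8601 with trailing 'Z'; rewritten to +00:00 so fromisoformat accepts it on older Pythons."""
    ts_text, _, rest = line.partition(",")
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    if ts.tzinfo is None:  # a time with no zone cannot be placed on the timeline safely
        return None
    return ts.astimezone(timezone.utc), rest


def parse_zeek(line):
    """Zeek's ts field is epoch seconds, which is UTC by definition."""
    ts_text, _, rest = line.partition("\t")
    return datetime.fromtimestamp(float(ts_text), tz=timezone.utc), rest


def normalize(source, line, syslog_year, syslog_tz):
    """Dispatch on the log type; returns (utc_datetime, message) or None."""
    if source == "syslog":
        return parse_syslog(line, syslog_year, syslog_tz)
    if source == "apache":
        return parse_apache(line)
    if source == "winevt":
        return parse_winevt(line)
    if source == "zeek":
        return parse_zeek(line)
    return None


def build_timeline(logs, syslog_year=2018, syslog_tz=timezone(timedelta(hours=-5))):
    """Return events sorted by UTC time, each with seconds elapsed since the previous event."""
    events = []
    for source, line in logs:
        parsed = normalize(source, line, syslog_year, syslog_tz)
        if parsed is None:
            continue  # unparseable or zone-less lines are skipped, not guessed
        ts, message = parsed
        events.append({"ts": ts, "source": source, "message": message})
    events.sort(key=lambda e: e["ts"])
    prev = None
    for e in events:
        e["delta_s"] = 0.0 if prev is None else round((e["ts"] - prev).total_seconds(), 3)
        e["utc"] = e["ts"].isoformat(timespec="milliseconds")
        prev = e["ts"]
    return events


if __name__ == "__main__":
    for e in build_timeline(SAMPLE_LOGS):
        print(f"{e['utc']}  +{e['delta_s']:>8.3f}s  {e['source']:<7} {e['message']}")
```

Run as written, the script orders the constructed events as web request, Zeek connection start, syslog SSH login, then the Windows process creation, which is the opposite of the order the raw syslog line suggests until its UTC-5 offset is applied. The delta column is what makes pivoting easy: a login four to five seconds after the first packet and a suspicious process 85 seconds later read as one chain of activity rather than four unrelated lines.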

We’re an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status, to fearlessly drive change.