Sign Up Sign Up Log In Sign Up
This job has expired and you can't apply for it anymore. Start a new search.

Cyber Incident Response Analyst

Company Overview

For 30 years, clients in the private and public sectors have relied upon SOS International LLC (SOSi) for critical operations in the world’s most challenging environments. SOSi is privately held, was founded by its current ownership in 1989, maintains corporate headquarters in Reston, VA, and specializes in providing logistics, construction, training, intelligence, and information technology solutions to the defense, diplomatic, intelligence and law enforcement communities.

All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

5-180918-7822: Cyber Incident Response Analyst
LocationU.S. - Virginia - Arlington
Open Date6/5/2019

STG, Inc., a wholly owned subsidiary of SOS International LLC (SOSi), is seeking a Cyber Incident Response Analyst to support the Department of Homeland Security in Arlington, VA.  The Incident Response Analyst is responsible for supporting incident response engagements, and partners with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets.  

The selected applicant will become part of the United States Computer Emergency Readiness Team (US-CERT), responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. US-CERT provides advanced network and digital media analysis expertise and defends against malicious activity targeting networks within the United States and abroad.



  • The Cyber Incident Response Analyst will provide effective front line support leveraging service desk ticketing system, telephone, and email communications.  

  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.

  • Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.

  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

  • Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.

  • Track and document CND hunts and incidents from initial detection through final resolution.

  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.

  • Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.

  • Perform real-time CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).

  • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.
    Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

  • Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities.

  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

  • May be required to travel up to 25% of time.

  • Security Clearance: Active Top Secret Security clearance with the ability to obtain a TS/SCI is required.  In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

  • Education: Bachelors Degree in a Cybersecurity related field

  • Certifications: Security+ or equivalent

  • Minimum of 5 years related technical experience required for a level 3 role, minimum of 9 years related technical experience required for a level 4 role, minimum of 15 years related technical experience required for a level 5 role.

  • Familiar with network analytics including Netflow/PCAP analysis.

  • Understanding of cyber forensics concepts including malware, hunt, etc.

  • Understanding of how both Windows and Linux systems are compromised.



  • Current active DHS SCI and EOD.

  • Experience using Splunk for system data analytics and monitoring strongly preferred.

  • Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.

  • A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Company Name:
Security Clearance:
Arlington, Virginia
United States
Not Specified
Job Number:

Send me email alerts for similar jobs