Enterprise Incident Response Architect

Location: San Diego, CA
Date Posted: 08-25-2014

SOLUTE is seeking an experienced Enterprise Incident Response Architect to perform cyber incident response and forensic analysis on potentially compromised systems utilizing EnCase Enterprise, SANS SIFT, and other related digital forensic and incident response tools. The role assists with coordination efforts with law enforcement and other government entities for the purposes of distributing digital evidence and forensic data, and performs other incident response activities.

You will develop, test, and maintain the Incident Response (IR) architecture. This position shall include the creation and maintenance of a secure virtual environment to allow for the operation of enterprise forensic software and the storage of forensic evidence and malicious code. This position shall create, test, and maintain a forensic tool software suite for incident responder workstations, shall analyze malware and develop signatures for distribution to other components of the Network Security team and external agencies, and shall interface with Network Security Team members for dissemination of incident information.

Required Qualifications:

  • Bachelor's Degree in STEM AND ten (10) years of cyber security work experience.
  • One (1) of the following commercial certifications:
    • CompTIA Security + (SY0-301)
    • International Information Systems Security Certification Consortium (ISC2) Certified Authorization Professional (CAP)
    • CompTIA Advanced Security Practitioner (CASP)
    • Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM)
    • ISC2 Certified Information Systems Security Professional (CISSP)
    • Global Information Assurance Certification (GIAC) Security Leadership Certification (GSLC)
  • Two (2) of the following commercial certifications:
    • Microsoft Certified Technology Specialist (MCTS): Windows Server 2008 Active Directory, Configuring – Server 2008 (70-640)
    • MCTS: Windows Server 2008 Network Infrastructure, Configuring – Server 2008 (70-642)
    • Installing and Configuring Windows Server 2012 – Server 2012 (70-410)
    • Administering Windows Server 2012 – Server 2012 (70-411); OR
  • One (1) of the following commercial certifications:
    • Microsoft Certified IT Professional (MCITP): Enterprise Administrator on Windows Server 2008 – MCITP (Enterprise Administrator)
    • MCITP: Server Administrator on Windows Server 2008 – MCITP (Server Administrator)
    • Microsoft Certified Systems Administrator (MCSA)
    • Microsoft Certified Systems Engineer (MCSE 2012)
  • One (1) of the following commercial certifications:
    • Linux Professional Institute (LPI) Advanced Level Linux Professional Certification – LPIC-2
    • Oracle Certified Professional – Oracle Solaris Systems Administrator (OCP-OSSA)
    • Red Hat Certified Engineer (RHCE)
    • Red Hat Certified System Administrator (RHCSA)
    • Sun Certified Network Administrator (Oracle Solaris) (SCNA)
    • Sun Certified System Administrator (Oracle Solaris) (SCSA)
    • CompTIA Linux+
    • LPI – Senior Level Linux Professional Certification (LPIC-3)
    • Oracle Certified Expert – Oracle Solaris System Administrator (OCE-OSSA)
    • Red Hat Certified Datacenter Specialist (RHCDS)
    • EC-Council Certified Ethical Hacker (CEH) certification
  • Three (3) years of demonstrated experience in Incident Response, or Malware Reverse Engineering, or Computer Forensics.
  • Five (5) years of demonstrated experience in implementing and maintaining secure virtualized environments.
  • Two (2) years of demonstrated experience in managing secure storage systems.
  • Two (2) years of demonstrated experience in VLAN and firewall management.
  • Shall be familiar with DIACAP (for GENSER systems), National Institute of Standards & Technology (NIST) SP 800-53 (for unclassified systems), Department of Defense Instruction (DoDI) 5200.40 – DIACAP.