Threat Level: green Handler on Duty: Richard Porter

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Incident Manager
Company Bluestone Analytics
Location Arlington, VA
Preferred GIAC Certifications GCIH, GCFA GISP, GCED
Travel 10%
Salary $65 - $80k
Contact Name Megan Owen
Contact Email mowen/at/
Expires 2021-03-15

Job Description

Bluestone Analytics is a mission-focused, veteran-owned business that solves the world’s toughest problems through custom, targeted data collection augmented with artificial intelligence. We are committed to innovation, inclusion, and pushing the boundaries of Open Source Intelligence, and we purposely foster an employee-centric culture of fast-paced achievement and innovation.


Bluestone Analytics is seeking multiple TS cleared Incident Managers to oversee all aspects of the incident management process, from evaluation to resolution. You will be responsible for the creation of standardized procedures to manage incidents and problems, as well as, the design for implementing solutions. Ideally, you will be familiar with incident response processes, network investigative techniques, network intrusion patterns, malware analysis, and cyber security trends and issues. This role requires hands-on work and a high technical proficiency in information security, systems, and network administration. Successful candidates will be results-driven, with significant experience building relationships within the DoD and federal space and possess strong business acumen and exceptional presentation skills.

In a typical week, you may:

Assist with incident management functions when deployed at an onsite engagement
Assist in coordinating with external and internal entities to document daily operations
Manage reported incidents by providing a single point of service for incident customer organizations throughout the incident life cycle of a high priority incident
Aid in conducting peer reviews and providing quality assurance reviews for junior personnel
Guide/Support the mentoring of other incident manages and provide guidance to others on incident management prioritization, triage, and report writing in support of onsite engagements.
Work with business and implementation teams to ensure network security monitoring requirements are considered at an early stage in the product deployment process
Continuously assess network security monitoring requirements, detection methods, and tools and close identified gaps.
Provide strategic and technical leadership for sponsored tools including collating requirements, product selection, implementation, and production maintenance
Ensure security monitoring and response plans are aligned with business and contract goals
Conduct vulnerability assessments/penetration tests of information systems
Develop, research and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption
Identify, deter, monitor, and investigate computer and network intrusions
Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery.
Provide support during assigned shifts (2:00 PM - 10:30 PM ET or 10:00 PM - 6:30 AM ET and 12 hour weekend shifts)

Required Skills
US DoD TS/SCI Security Clearance, and;
A High school diploma with three (3) to ten (10) or more years of incident management or cyber security operations experience or;
A Bachelor’s degree in Incident Management, Operations Management, Cybersecurity or related discipline with one (1) to eight (8) or more years of incident management or cyber security operations experience

Preferred Skills
Knowledge of Incident response and handling methodologies
Understanding of the NCCIC National Cyber Incident Scoring System to be able to prioritize triaging of incidents
Experience in general attack stages (e.g. foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, et.)
Proficiency in recognizing and categorizing types of vulnerabilities and associated attacks
Expertise of basic system administration and operating system hardening techniques
Expertise in Computer Network Defense policies, procedures, and regulations,
Knowledge of different operational threat environments ( first generation (script kiddies], second generation [non nation-state sponsored], and third generation [nation-state sponsored])
Experience with system and application security threats and vulnerabilities *(e.g. buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return oriented attacks, and malicious code)
Desired Certifications: GCIH, GCFA GISP, GCED, CCFP or CISSP