• Incident Handling Analyst

    Job Locations: US-VA-Alexandria
    Job ID:
    Clearance Level: Top Secret
  • Overview

         The Incident Handling Analyst will demonstrate expert-level knowledge of planning, directing, and managing Computer Incident Response Team (CIRT) operations in a large organization. In addition, they will contribute to a team of Active Detection & Prevention (ADP) professionals working with Intrusion Detection System (IDS) software and hardware, writing reports, briefing event details to leadership, and coordinating remediation within large and complex networks.


         The Incident Handling Branch provides incident analysis, forensics, reverse engineering, and fusion reporting that give JSP leadership, customers, and appropriate agencies situational awareness of current and emerging threats, as well as indications and warnings (I&W). Incident Handling Branch response services include the actions taken to report, analyze, coordinate, and respond to any event or computer security incident for the purpose of mitigating any adverse operational or technical impact. Incident Response includes the coordinated development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or Counter Intelligence (CI) or Law Enforcement (LE) investigations.

    The work location is at the Pentagon and is in support of Pentagon classified and unclassified networks.


    As an Incident Handling Analyst-Senior you will:

    • Demonstrate over six years of experience in Intelligence Community (IC) reporting of cyber threats and MUST have experience with CJCSM 6510.01B;
    • Demonstrate expert-level knowledge of network traffic and communications, including known ports and services;
    • Demonstrate knowledge of the Windows operating system, various Linux distributions, and the Unix framework;
    • Demonstrate knowledge of the following security-related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, network packet analyzers, malware analysis, forensic tools, and enterprise-level appliances;
    • Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based;
    • Demonstrate understanding of DoD accreditation policies, processes, and practices;
    • Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition;
    • Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings;
    • Demonstrate the capability to deliver presentations to senior leaders and in a conference setting;
    • Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports;
    • Demonstrate the expert ability to write detailed technical reports that can be consumed by multiple types of consumers;
    • Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture;
    • Demonstrate knowledge of cultural, linguistic, and other behavioral aspects of threat actor capabilities and intent;
    • Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques;
    • Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]); 
    • Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage); 
    • Demonstrate expert ability to analyze file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).


    Required Education:

    •  BS degree in a technical field (4+ years of experience in Incident Response in lieu of a degree)


    Required Experience:

    • 6+ years of Incident and Malware analysis experience within a DoD or IC environment
    • Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis, and Attribution/Mitigation Methodology:
      • Knowledge/understanding of the Diamond Model concept
      • Familiarity with the DoD hierarchy and reporting chain
      • Situational awareness of how to perform report research at U (OSINT)/S/TS levels
      • Basic networking and PCAP deciphering capabilities
    • DoD 8570 IAT Level II required
    • DoD 8570 IASAE/CND certification:
      • CEH, Sec+, CND-IR, GCIA or GCIH certification

    Required Clearance:

    •  Active Secret (S)


    Desired Qualifications:

    •  DoD 8570 IAT Level III preferred


    About Aveshka:

    Aveshka is a professional services firm focused on addressing our nation’s most complex threats and challenges. As a small business we’re committed to supporting our clients’ missions with services delivered by our diverse and experienced staff. With expertise in cybersecurity, emergency preparedness, and public health, our experience base spans federal, state, and local governments, as well as private sector entities.


    Aveshka encourages collaborative communication and ongoing learning.  Some of our benefits include:


    • Extensive training programs
    • Gym membership reimbursement
    • Education reimbursement
    • Technology benefits
    • Commuter benefits
    • Generous paid time off and much more!


    Aveshka is an Equal Opportunity Employer (EOE)
