top of page

Bespoke Corps, LLC is looking for a qualified candidate to provide onsite support to one of our valued Department of Defense (DoD) customers. We are seeking a (CSSP/IR) specialist with specific skills in intrusion detection/prevention and cybersecurity tools administration. The specialist will perform full-spectrum CSSP/IR in accordance with DoD and NIST policy and process frameworks, and open and closed source cybersecurity intelligence (fusion) research and analysis. The ideal candidate is self-motivated, thrives in team-based work environments, and has strong verbal and written communication skills. The candidate will have demonstrative experience supporting DoD/US Government organizations and agencies. Additionally, the candidate must support rotational weekend and holiday workdays.

 

Demonstrated Experience (Minimum 3 years):

  • Strong technical skills and a firm and thorough understanding of CSSP/IR tools (i.e., FireEye, Splunk, BlueCoat, ESS/Trellix, MDE, Bro) as well as a demonstrated ability to identify new and emerging threats

  • Providing detailed triage of CSSP/IR incidents including implementing intrusion detection and prevention signatures

  • Conducting active hunting for network intrusions involving manual packet capture analysis, DNS log review, open source and closed source intel analysis

  • Knowledge of Advanced Persistent Threats (APT), network attack patterns, detection techniques, trends, threat actors and techniques for defending a network against these attacks

  • Creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences

  • Extensive experience creating detailed reports pertaining to various cybersecurity related concerns or events

  • Gathering, analyzing and implementing defenses against Indicators of Compromise (IoCs) gathered from open forums, closed forums, mailing lists and directed research

  • Ability to collaborate well within a team construct

Other Skills/Qualifications:

  • Current TS security clearance with current SCI access, or have been granted SCI access within the past 24 months

  • DoD 8570 IAT-II or above professional certification (i.e., Security+, CEH, GCIH)

  • Knowledge and experience categorizing CSSP/IR incidents with CJCSM 6510 Incident Response Categories

  • Experience with creating and implementing custom Yara, Snort and ESS rules

  • Knowledge of scripting languages such as Python is a plus
     

Academic Qualifications:

  • BS in computer science, engineering, mathematics, business or related field of study from an accredited institution

Work Demands and Environment

  • The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required, sometimes for extended periods, to walk, stand, or sit. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines. The employee must occasionally lift and/or move small or large objects up to 50 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception, and ability to adjust focus.

Travel:

  • There is no travel expected for this position

 

Job Location:

  • Arlington, VA

 

Weekly Schedule:

  • Monday - Friday, 7:00am - 3:00pm (Occasional Rotational Holiday Support)

Candidate Type:

  • W-2 candidates are welcome to apply (please include a current version of your resume)

Web Consultation

CYBERSECURITY SERVICE PROVIDER/INCIDENT RESPONSE ANALYST

bottom of page