
Bespoke Corps, LLC is looking for a qualified candidate to provide onsite support to one of our valued Department of Defense (DoD) customers. We are seeking a Cybersecurity Service Provider/Incident Response (CSSP/IR) specialist with specific skills in intrusion detection and prevention. The specialist will perform full-spectrum CSSP/IR under DoD and NIST policy and process frameworks as well as open and closed-source cybersecurity intelligence (fusion) research and analysis. The ideal candidate is self-motivated, thrives in team-based work environments, and has strong verbal and written communication skills. The candidate will have demonstrated experience supporting DoD/US Government organizations and agencies. Additionally, the candidate must support rotational weekend and holiday workdays.

 

Demonstrated Experience (Minimum 3 years):

  • Administering, maintaining, upgrading, and deploying potentially new instances of various CSSP/IR tools such as Splunk, Bro IDS, Palo Alto, Cisco IronPort, BlueCoat, Wireshark, and other open/closed source network defense tools/products

  • Knowledge of Advanced Persistent Threats (APT), network attack patterns, detection techniques, trends, threat actors, and techniques for defending a network against these attacks

  • Providing detailed triage of CSSP/IR incidents, including implementing intrusion detection and prevention signatures

  • Conducting active hunting for network intrusions involving manual packet capture analysis, DNS log review, open source, and closed source intel analysis

  • Creating detailed reports on attack trends and recommended mitigations that are suitable for both senior leaders and technical audiences

  • Extensive experience creating detailed reports about various cybersecurity-related concerns or events

  • Gathering, analyzing, and implementing defenses against Indicators of Compromise (IoCs) gathered from open forums, closed forums, mailing lists, and directed research.

  • Firm and thorough understanding of CSSP/IR tools (i.e., FireEye, Splunk, BlueCoat, HBSS, Bro), as well as a demonstrated ability to identify new and emerging threats

  • Ability to collaborate well within a team construct

Other Skills/Qualifications:

  • Current TS security clearance with current SCI access or have been granted SCI access within the past 24 months.

  • DoD 8570 IAT-II or above professional certification (i.e., Security+, CEH, GCIH)

  • Knowledge and experience categorizing CSSP/IR incidents with CJCSM 6510 Incident Response Categories

  • Experience creating custom Yara, Snort, and HBSS rules, and with scripting languages. Python is a plus.

 

Academic Qualifications:

  • BS in computer science, engineering, mathematics, business, or a related field of study from an accredited institution

Work Demands and Environment:

  • The work environment and physical demands described here represent those that an employee must meet to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required, sometimes for extended periods, to walk, stand, or sit. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines. The employee must occasionally lift and/or move small or large objects up to 50 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.

Travel:

  • Occasional local travel expected (Less than 5%)

 

Job Location:

  • Arlington, VA

 

Weekly Schedule:

  • Saturday & Sunday, 3:00pm-11:00pm (Occasional Rotational Holiday Support)

Candidate Type:

  • W-2 candidates are welcome to apply

CYBERSECURITY SERVICE PROVIDER/INCIDENT RESPONSE ANALYST
WEEKEND & HOLIDAY HOURS
