Copper River Enterprise Services

  • Subject Matter Expert III - Incident Management

    Regular Full-Time
  • Overview

    Manage and implement tools to detect, respond to, and report all computer-related incidents, which includes daily monitoring of information systems, vulnerability remediation, intrusion detection, log reviews, and malware tracking. Be part of the agency’s Cyber Security Incident Response Team (CSIRT) and assist in responding to security incidents in a mission-critical production environment, such as investigating and remediating possible endpoint malware infections and mitigating threats such as unauthorized use, spam, and phishing. Coordinate response, triage, and recovery activities for security events affecting the agency’s information assets.


    • Identify and respond to incidents to prevent or limit damage to assets, and report incidents
    • Detect and analyze incidents, coordinate activities with other stakeholders for containing, eradicating, and recovering from incidents
    • Manage security events identified from enterprise SIEM tool, Threat Intelligence, end-user notifications, etc. to determine security risk and respond accordingly
    • Assess, identify, and coordinate remediation for the affected individuals and/or systems
    • Categorize, prioritize, and normalize an event to determine whether it meets the threshold of a potential incident, and declare an incident if required, following the documented process
    • Formulate and execute a response to the incident and verify that it is contained, eradicated, and systems are recovered
    • Perform post-incident activities: after action reports, root cause analysis and forensics
    • Maintain incident response plans including test plans and procedures in coordination with the Privacy team to ensure cross-collaboration and team synergy
    • Provide enterprise-wide management of security incidents in unclassified, managed network space to detect, respond to, and report all computer-related incidents, which includes daily monitoring of information systems, vulnerability remediation, intrusion detection, log reviews, and malware tracking
    • Establish and maintain business relationships with individual contributors as well as management
    • Participate in the review and documentation of requirements for analyzing the specific threats to assist in development of new use cases to detect, report, log, track, and escalate security events
    • Augment the Incident Response team to ensure 24/7 coverage and operations. Responsibilities will occasionally require working evenings and weekends, sometimes with little or no advance notice
    • Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response, and provide comprehensive mitigation of threats; also provide guidance to SOC team members on Incident Response activities
    • Execute daily ad-hoc tasks or manage small projects as needed


    • Education:
      • Bachelor’s degree preferred
    • Required Knowledge/Experience:
      • CISSP Certification
      • Experience preparing threat briefs on the current threat environment for Sr. Management
      • A combination of 10 years of education and demonstrated experience in incident management
    • Preferred Knowledge/Experience:
      • Experience interfacing with US-CERT on threat intelligence information exchanges and the transfer of indicators of compromise
      • Performing investigations on cloud-based systems (e.g. AWS or Azure)
      • Linux (e.g. syslog, nmap, Python, etc.) and MS Active Directory experience
      • Experience with FireEye and Palo Alto network security solutions
      • Demonstrated experience in handling security events in mission critical environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests
      • Proven past experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting and security operations
      • Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IOCs), etc.
      • Experience analyzing system and application logs to investigate security issues and/or complex operational issues
      • Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis and HIDS)
      • Demonstrated experience using syslog and Splunk to investigate security issues and/or complex operational issues on Windows and Unix
      • Strong knowledge of network protocols and operating systems (Windows, Unix, MacOS, Linux, Databases)

    Other Responsibilities

    • Perform other tasks consistent with the goals and objectives of the department/contract
    • Perform other duties as assigned by the Sr. Program Executive

    Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


    EEO/AA Employer Minorities/Females/Vets/Disability


    Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
