Apply on Employer Site

Booz Allen Hamilton · 1 week ago

Cybersecurity Incident Handler

San Antonio, TX

Full-time

Hybrid

Senior Level

$69K/yr - $158K/yr

5+ years exp

Booz Allen Hamilton is seeking a Cybersecurity Incident Handler to join their security operations center team. In this role, you will respond to and mitigate cyber threats in real time, monitor and analyze incidents, and assist in recovery efforts to secure critical infrastructure from cyber-attacks.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Monitor and analyze threats using state-of-the-art tools

Work with the team to understand, mitigate, and respond to threats quickly

Restore operations and limit the impact

Analyze incidents to figure out how many systems are affected

Assist recovery efforts

Combine threat intelligence, event data, and assessments from recent events

Identify patterns to understand attackers’ goals

Qualification

Cybersecurity experienceIncident responseCyber threat intelligenceDigital forensicsNIST guidelinesCloud incident responseMicrosoft OfficeCloud technologiesDevSecOpsInformation assuranceSoft skills

Required

5+ years of experience in cybersecurity

3+ years of experience in a security operations center, including incident response activities such as analysis of artifacts, writing incident reports, and triaging of security events

Experience with cyber threat intelligence, digital forensics, red teaming, threat hunt, cloud incident response, counterintelligence, and detection engineering

Knowledge of cybersecurity standards and the implementation of industry best practices

Knowledge of external standards, including ISO 22301, ISO 22317, and NIST guidelines such as NIST 800-53 or NIST 800-61

Ability to work a rotating shift schedule supporting a 24/7 environment

Ability to travel up to 25% of the time

TS/SCI clearance

HS diploma or GED

DoD 8140 Baseline Level II Certification

Preferred

Experience using Microsoft Office products

Experience with cyber technologies and capabilities, including continuous monitoring, incident response, advanced threat hunt, secure Cloud and mobile capabilities, ongoing assessment, digital forensics, and threat hunt

Experience with Cloud and DevSecOps

Experience with cloud native technologies across Cloud Service Providers such as AWS Guard Duty, Azure Defender for Cloud, AWS Macie, or Google Security Command Center

Experience with cybersecurity tools and solutions such as Microsoft Defender for Endpoint, Corelight, Suricata or Snort, Palo Alto and Cisco firewalls, Archer Case Management, ServiceNow, Threat Connect, Splunk Enterprise Security, Splunk SOAR, Cofense, IronPort Mail Gateways, or Microsoft G5 Defender suite

Experience supporting information assurance, networking, or systems administration