Incident Handler
Alaka'ina Foundation Family of Companies
Location HI - Honolulu
Job Code 12553
# of openings 1
Apply Now (https://phg.tbe.taleo.net/phg04/ats/careers/v2/applyRequisition?org=AKIMEKATECH&cws=43&rid=12553)
The Alaka`ina Foundation Family of Companies (FOCs) is looking for an Incident Handler to support our government customer located in Honolulu, Hawai'i.
DESCRIPTION OF RESPONSIBILITIES:
+ Conduct incident analysis and recommend mitigation measures in response to general or specific advanced persistent threat (APT) attempted exploits/attacks, malware delivery, etc., on Army networks.
+ Mitigations may include blocking/denying access to hostile websites or restricting access to specific ports/protocols and/or applications.
+ Make recommendations to the supported operations and maintenance organization to take necessary action where the DCO-D does not administratively control the sensor grid.
+ Provide justification of internal defensive measures and/or operational impact (implied or accepted risk) to a configuration control board (CCB) and/or approving authority (AO), as required, for mitigation action (internal defensive measure) approval. If deemed appropriate (or as requested), the internal defensive measure may involve coordination of a network damage assessment (NDA), network assistance visit (NAV), or other version of the computer defense assistance program (CDAP) mission.
+ Monitor all sensors and agents managed by the RCC-P for security event analysis and response; and maintain and update the triage database with current threat data and response methods in real-time with follow-up recurring within 72 hours of last response.
+ Respond to a detected event and perform triage, ensure proper handling of the associated trouble ticket (TT), and process events in accordance with appropriate TTPs.
+ Provide all initial cyber incident reports to law enforcement and counterintelligence agencies (LE/CI).
+ Maintain an up-to-date point of contact (POC) list for LE/CI agencies as routinely provided by the major cybercrimes unit (MCU) and cyber counterintelligence agencies. In cases where an active investigation will be opened, LE/CI agencies will provide written requests in accordance with local TTP that will include at a minimum the official case number and include specific data logs and information required.
+ Provide support and expertise to include the provision of the required data along with a summary or analysis of the data. Data and answers provided in the analysis shall pertain specifically to requirements in the LE/CI official request or within DCO-D TTPs (i.e., do not provide data or answers to anything not specifically requested by LE/CI).
+ Provide all initial cyber incident investigation reports to LE/CI
+ Develop, staff, coordinate and execute cyber-incident response investigations for the operational environment (unclassified and classified). Investigations shall address each pre-determined category of cyber incident (IAW CJCSM 6510.01B) detected (internally or externally reported), and address priorities and types of internal defensive measures and potential mitigation strategies to be employed (acceptable level of risk).
+ Validate security event information for each cyber incident ticket which includes at a minimum event name, date, time, location, source IP address, destination IP address, source ports, and destination ports.
+ Identify and maintain visibility of all potential or confirmed cyber incidents and/or security issues IAW ARCYBER/higher headquarters’ policies and procedures.
+ Obtain and maintain access to joint worldwide intelligence communications system (JWICS) and required systems and services to conduct cyber threat analysis support; respond to ARCYBER/higher headquarters’ inquiries on cyber incident status or issues as appropriate or requested; and conduct quality control of cyber incidents to
+ Maintain compliance with CJCSM 6510.01B.
+ Provide and coordinate cyber incident trend analyses to identify systemic or potential issues on reported and confirmed cyber incidents.
+ Provide and brief cyber incident details IAW policies and procedures; and coordinate and synchronize incident handling (IH) actions or cyber incidents with LE/CI per the RCC-P incident handling TTP.
+ Acquire any necessary data to determine scope of reported cyber incidents and ensure all investigation reports are auto forwarded to the designated ticketing solution, as required, with the most current action visible to ARCYBER/higher headquarters’ incident handling portal/ticketing solution.
+ Other duties as assigned.
REQUIRED DEGREE/EDUCATION/CERTIFICATION:
+ Bachelor's Degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science
+ Must meet at least one of the following baseline certifications in lieu of education: CBROPS, FITSP-O, GISF, CCSP, CEH, Cloud+, GCED, PenTest+, Security+, or GSEC
+ Must meet the following Computing Environment (CE) certifications within six (6) months of hire:
+ CIO/G6 NETCOM IA MD-101 Managing Modern Desktops Skillport Course
+ MS 365 Modern Desktop Administrator Associate
+ Operating System Certifications: SNORT IDPS/IPS Training Certificate based on current market offerings (SNORT and/or Sourcefire experience highly preferred).
+ Training IAW PWS Requirements: IA Awareness Training, as specified in AR 25-2; Antiterrorism Level I; iWATCH; Level I OPSEC; TARP Training; Theater Specific Training, if applicable
REQUIRED SKILLS AND EXPERIENCE:
+ Knowledge and minimum of 2 years in Information Assurance Systems/Network Analysis
+ Experience with Network intrusion detection system (NIDS) software such as SNORT
+ Experience with Army Cyber Security (CS) guidance and regulations.
+ Must meet DoD 8140 for Cyber Defense Incident Responder (531)
DESIRED SKILLS AND EXPERIENCE:
Skills and experience that are desired by the customer or by the hiring manager listed here.
REQUIRED CITIZENSHIP AND CLEARANCE:
+ Must be a U.S. Citizen.
+ Must have a TOP SECRET/SCI clearance OR a SECRET clearance with the ability to upgrade.
The Alaka`ina Foundation Family of Companies (FOCs) is a fast-growing government service provider. Employees enjoy competitive salaries. Eligible employees enjoy a 401K plan with company match; medical, dental, disability, and life insurance coverage; tuition reimbursement; paid time off; and 11 paid holidays.
We are an Equal Opportunity/Affirmative Action Employer. We are proud to state that we do not discriminate in employment decisions on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. If you are a person with a disability and you need an accommodation during the application process, please click here (HRdept@alakaina.com) to request accommodation. We E-Verify all employees.
The Alaka`ina Foundation Family of Companies (FOCs) is comprised of industry-recognized government service firms designated as Native Hawaiian Organization (NHO)-owned and 8(a) certified businesses. The Family of Companies (FOCs) includes Ke`aki Technologies, Laulima Government Solutions, Kūpono Government Services, and Kapili Services, Po`okela Solutions, Kīkaha Solutions, LLC, and Pololei Solutions, LLC. Alaka`ina Foundation activities principally benefit the youth of Hawaii through charitable efforts which includes providing innovative educational programs that combine leadership, science & technology, and environmental stewardship.
For additional information, please visit www.alakainafoundation.com