Detection Incident Handler

BCMC, LLC
Dulles, VA
Full-time

BCMC is seeking a Detection Incident Handler.

The Tier 3 Detection Incident Handler will handle escalations from Tier 1 and Tier 2 analysts working to analyze, contain, and eradicate potential cyber threats to the organization.

This role is responsible for coordinating and leading security incidents, as well as facilitating cross-team post incident reviews and reports.

This includes analyzing and dissecting techniques utilized by threat actors, understanding where best detection opportunities lie, identifying potential monitoring gaps, and configuring detections to defend the organization.

The role will also have the opportunity to work in and help mature other areas such as threat hunting and automation.

Must have experience with detection and prevention tools and services including packet captures, IDS / IPS, SIEM, EDR solutions, native cloud logs and security compliance and incident response applications / services.

Responsibilities Include :

  • Senior level opportunity for someone very experienced with Security Operations Centers (SOCs), Incident Management, Detection Engineering and Threat Hunting
  • Participates in the development, maintenance, and testing of security alerts covering a wide range of operating systems, services, and applications
  • Analyze, triage and lead security incidents
  • Develop and present performance reports and metrics
  • Provide a technical resource and escalation point for Tier 1 and Tier 2 analysts
  • Performs activities including planning, providing technical leadership, and tracking projects and key task dates
  • Uses security monitoring tools to investigate, respond to, and recommend appropriate corrective actions for data security incidents
  • Produce high quality oral and written presentations, communicating complex technical matters clearly and concisely with audiences ranging from peers to senior management
  • Develops and helps maintain standard operating procedures to ensure security operations comply with policies and standards

Required Skills :

  • U.S. Citizenship. Active Secret clearance. Must be able to obtain a TS / SCI clearance. Must be able to obtain DHS Suitability
  • 8 years of experience engineering, operating, or managing layered security and SIEM integration for on-premises, cloud, or private cloud environments.
  • 2+ years of Tier 3 incident handler experience in cloud and / or on-premises environments
  • Minimum 2 years of professional experience working with AWS or Azure infrastructure and services in a security-focused role.
  • Advanced knowledge of AWS & Azure architectural concepts and guardrails.
  • Experience engineering, operating, and managing layered security and SIEM integration
  • Demonstrated experience handling incidents across multiple operating systems
  • Excellent written and oral communication skills

Desired Skills :

  • Information Security and IT certifications : Cisco, Red Hat, AWS, etc.
  • Experience administering cyber security tools such as firewalls, SIEM, and packet capture (PCAP) tooling
  • Virtualization technologies, e.g. VMware, Hyper-V, etc.
  • Scripting in Python or Perl
  • Experience operating AWS GuardDuty, AWS Watchdog, Azure Defender and Azure Sentinel.
  • Solid understanding of the different file structures, computer architecture, and operating system functions, sufficient to administer and troubleshoot Windows and *nix systems.

Candidate must be prepared to demonstrate that they understand common indicators of compromise and where to find evidence of compromise (for example : abnormal processes, files, network connections, abnormal log entries, etc.) as part of an in-depth collaborative investigation process.

Required Education

A bachelor’s degree in systems engineering, a related specialized area or field. Two years of related work experience may be substituted for each year of degree level education.

Desired Certifications :

  • DoDI 8570.01-M IAT Level II Technical Certification (Security+ CE, CCNA Security, SSCP, CySA+) or equivalent AND an Incident Responder Certification (CEH, GCIH, GCIA, GNFA, or comparable certification)