CSOS Analyst Tier 3

Job Description

What You Will Be Doing :

• Coordinating and implementing tasks, performing analysis, and building / documenting response activities required during cyber security incident response, to include but not limited to actions such as implementing containment measures, IP blocks, domain blocks, and disabling user accounts on direction of the Government.
• Coordinating with Security and Installations Directorate (SI) Office of Counterintelligence (SIC), Insider Threat Office (SIII), in addition to other law enforcement and counter intelligence personnel as required to perform advanced investigation and triage of incidents.
• Collaborating with appropriate authorities in the production of security incident reports.
• Categorizing incidents and events.
• Coordinating with other contracts, organizations, activities, and other services as appropriate to ensure incidents are properly reported, contained, and eradicated.
• Coordinating with other contracts, organizations, activities, and other services as appropriate to de-conflict blue / red team activity with open incidents / events.
• Coordinating with other contracts, organizations, activities, and services to ensure NGA recovers from an incident / event.
• Building timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.
• Documenting actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.
• Developing and, when approved by the Government, generating and updating reports in the Joint Incident Management System (JIMS), Incident Case Management System (ICMS), and / or other authorized reporting systems as directed.
• Developing, maintaining, sustaining, and when properly authorized by the Government executing custom scripts, tools, and capabilities to collect and analyze data and to respond to incidents / events.
• Performing digital media analysis on host, server, and network data as required to analyze and respond to an incident, to include but not limited to volatile and non-volatile memory and / or system artifact collection and analysis.
• Developing and identifying indicators of compromise to send to Cybersecurity stakeholders and other Contract Services.
• Providing adversary attribution.
• Performing malware analysis and signature development.
• Coordinating with CSOC Tier 1 and 2 services to remediate all discrepancies and provide recommendations to prevent reoccurrence.

Required Skills

Must Have :

Desired Skills

Nice to Have :

Additional Details

Crimson Phoenix considers people our most important asset. Our goal is to attract, retain, and motivate exceptional individuals from every background who share our commitment to the customer, our passion for the mission, our delight for innovation, and our determination to achieve excellence in everything we do.

We offer phenomenal benefits to our employees, allowing them to focus on the mission, knowing that Crimson Phoenix is focused on them! Just some of the benefits we offer :

Click APPLY to be contacted about this position and find out more details.

We are a small, growth-oriented, federal contractor that delivers professional services in support of the Intelligence & Federal Community. Located outside of Washington D.C., we are a fast-paced group due to the customers' diversity, types of projects, environments, and roles we support. To learn more, please visit

Crimson Phoenix is an Equal Opportunity and Affirmative Action Employer. We welcome and encourage diversity in our workforce.

It is the policy of Crimson Phoenix to provide equal employment opportunity to all employees and qualified applicants without regard to race, color, religion, national origin, sex, age, disability, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected characteristic under federal, state or local law.