Cyber Incident Management 3 with Security Clearance
Farfield Systems, Inc - Arlington, VA
Job Description
Farfield will assist the Federal staff within the Cybersecurity and Infrastructure Security Agency (CISA) Hunt and Incident Response Team (HIRT) and National Cybersecurity Assessment and Technical Services (NCATS) branches with a broad set of support functions.

The Hunt and Incident Response Team is DHS's front line when responding to cyber incidents and proactively hunting for malicious cyber activity. HIRT leverages world-class expertise to lead response, containment, remediation, and asset recovery efforts with its constituents and partners. HIRT provides two primary functions to its customers. First, HIRT serves as DHS's primary operations arm in the execution of the asset response mission delegated to DHS. When any civilian Government agency or critical asset owner/operator experiences a cyber-attack, HIRT can provide remote and onsite advanced technical assistance. Second, HIRT can also be called upon to proactively identify malicious activity, otherwise known as a "hunt", specifically focusing on identifying threats from sophisticated threat actors that often go undetected, in situations beyond the capacity and capability of traditional cyber security tools and techniques.

*** Requires a Top Secret/SCI clearance and U.S. Citizenship ***

We look for experience with: a basic understanding of host and network forensics; log review; the ability to differentiate between benign and malicious activity; firewalls; incident response; Windows event logging and Windows Event IDs; the MITRE ATT&CK framework; legal requirements; attack vectors; tactics, techniques and procedures (TTPs); etc.

Basic Qualifications:
* Splunk use is a must. Splunk certifications are a plus; operational use is key.
* 5-7 years of relevant experience with a bachelor's degree, or 7-9 years of relevant experience with a high school diploma.
* Certifications (GCIH, GCFA, GCIA, GCFE, GNFA, GDAT, CISSP/ISSAP/ISSEP, CCSP, CFR, CySA+, CISA, Cloud+)
* Intermediate proficiency with and understanding of applications such as: FTK, EnCase, Axiom, X-Ways, Mandiant HX, FireEye, SOF-ELK, Moloch, Wireshark, NetworkMiner, NetWitness, CyberChef, Corelight, Security Onion, ArcSight, Zeek/Bro, Gigamon or other packet brokers, ELK Stack, SourceFire, Tanium, Palo Alto, tcpdump, tshark, Nagios, Suricata, various firewalls (F/W) and router setup/administration, DomainTools (Iris), AWS Cloud, MS Azure, Google Cloud

Farfield Systems will provide reasonable accommodations to applicants who are unable to utilize our online application system due to a disability. Please send your request to or call us for assistance at 410-874-9363.

Farfield Systems is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Created: 2025-10-04