Cyber Incident Responder Job at Raventek Solution Partners LLC
RavenTek is a rapidly growing IT modernization and integration company. We deliver and customize leading-edge technical solutions, services, and products to mission-critical organizations, primarily federal government agencies. Our employees are excited about the work that we do and the missions we support!
RavenTek is currently hiring a Cyber Incident Responder to work remotely in support of our customer(s).
Position Overview and Responsibilities
The Cyber Incident Responder is responsible for responding to cyber security incidents covering all phases of attack including identification, containment and eradication. They will perform technical analysis and triaging as part of incident investigations, conduct host forensics, log analysis, and triage in support of investigations. The Cyber Incident Responder will develop, maintain, improve, and document runbooks, processes, and techniques for incident response. They will assist in correlation search tuning to reduce false positive alerts as well as track and document cyber defense incidents from initial detection through final resolution. The Cyber Incident Responder will coordinate with the customer intelligence analysts to correlate threat assessment data and assist as needed. They should also have experience working in an Agile environment.
Required Experience, Skills, and Qualifications
- Bachelor’s degree and minimum 3 years of related experience
- Knowledge of commercial attack frameworks such as MITRE ATT&CK, Diamond Model of Intrusion Analysis, or Lockheed Martin’s Cyber Kill Chain
- Experience in host and network forensics investigation
- Malware analysis background
- Experience with Splunk Enterprise Security
- Working knowledge of networking: packet analysis, network topologies, firewall configuration
- Working knowledge of Security orchestration, automation, and response (SOAR)
- Experience with Splunk administration, configuration, tuning large environments
- Experience with data onboarding, Splunk TAs
- Experience managing complex data, specifically managing role-based access control, configuring roles, and designing data onboarding to support current and future roles
- Experience with Regex and custom scripting
- Expertise in Splunk SPL and Python
- Experience with Splunk Premium Apps - ITSI and Enterprise Security (ES) minimally.
- Experience with and very comfortable working in an agile environment
- Strong communication skills
- Ability to collaborate and work efficiently and effectively in a remote environment
Desired skills and knowledge
- Experience with Splunk Premium products and other add-ons - UBA, Qmulos, and Phantom
- Other cybersecurity certification (Security+, CISSP) desirable
Other Requirements: This position requires that you be vaccinated against Covid-19 unless you need a reasonable accommodation for religion or a health-related need.
Employment Type
Full Time / Permanent
Working Conditions
Business work hours are primarily Monday through Friday (day shift), 40 hours per week. There will be on-call and some Saturday work that needs to be performed.
Physical Requirements
Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.
Background Screening/Check/Investigation
Successful Completion of a Background Screening/Check/Investigation will/may be required as a condition of hire.
ADA
RavenTek will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.
EEO/AA
RavenTek does not discriminate based on race, color, national origin, sex, religion, age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/equal opportunity/affirmative action employer.