Computer Security Incident Detection and Response. Provide support and expertise in the area of computer security incident detection, response, investigation, and reporting.
Forensic tools are kept up to date and are well maintained
All forensic investigations are conducted and reported in accordance with established procedures
Incident detection and response systems and components are well maintained and current
Availability of Incident detection and response systems/components
Incident detection and response systems are adjusted accordingly to address new threats
Incident detection and response activities are reported according to Departmental and Federal Guidelines
Emergency response procedures are followed per standard operating procedures
At least one year of experience in IT customer/user service, either in person, over the phone, or both
At least two years of experience in a network environment performing computer security activities such as incident analysis and response, threat analysis and mitigation, vulnerability assessment, or computer forensics
At least one year of experience with deployment and maintenance of industry-standard information security technology products such as IDS, SIM/SEM, VPN, forensic tools, security event logs, etc.
Tools / Hardware used:
Security management and correlation tools (Nice to have)
Wired and Wireless IDS (familiarity)
Windows Security Event log and Unix Syslog review
Firewall log monitoring (Nice to have)
Software/Hardware used:
Intellitactics or ArcSight security management products (Nice to have)
AirDefense wireless IDS (Nice to have)
ISS wired IDS (Nice to have)
Windows, Sun Solaris, and Checkpoint