● Engage with affected entities of a cyber incident during the containment and remediation phases.
● Drive the incident remediation and recovery phase.
● Identify and prioritize critical business functions in collaboration with organizational stakeholders.
● Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
● Define appropriate levels of system availability based on critical system functions, and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements, including any fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
● Review and analyze system(s) and architecture(s) against cybersecurity architecture guidelines and best practices, and recommend security services and security mechanisms to increase the security posture.
● Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
● Develop cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data (primarily applicable to government organizations).
● Analyze how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
● Provide advice on design concepts or design changes.
● Determine the protection needs (i.e., security controls) for the information system(s) and network(s).
● Develop a plan to bring the affected critical business functions back online.
● Develop a strategy to increase the long-term security posture.
● Define a cyber compromise recovery plan and process to eradicate the threat actor and regain control of the environment.
● Develop and document remediation and recovery reports.
● Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
● Document the lessons learned from the incident.

Required Skills:
● Applying and incorporating information technologies into proposed solutions.
● Designing countermeasures to identified security risks.
● Designing the integration of hardware and software solutions.
● Determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes.
● Using virtual private network (VPN) devices and encryption.
● Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software) and computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).
● Designing multi-level security/cross-domain solutions.
● Using public-key infrastructure (PKI) encryption and digital signature capabilities in applications (e.g., S/MIME email, SSL traffic).
● Setting up physical or logical sub-networks that separate an internal local area network (LAN) from other untrusted networks.
● Applying cybersecurity and privacy principles to organizational requirements.
● Identifying cybersecurity and privacy issues that stem from connections with internal and external partner organizations.
● Implementation and recovery of Active Directory forests, including authentication services such as Active Directory Federation Services and Active Directory Certificate Services.
● Troubleshooting Active Directory (AD) replication, Group Policy, and DFS Replication (DFSR); supporting complex multi-forest AD topologies; authoring and triaging Group Policies in large, regulated environments; and identifying defects or misconfiguration in AD services.
● Understanding and troubleshooting Windows Server Operating System (OS) roles.
● Administering, backup/recovery, and troubleshooting of virtualization platforms, Exchange, SQL Servers, and Windows Servers.
● Microsoft Azure Infrastructure (IaaS) management and deployment: Virtual Machines, Storage, Networking.
● Troubleshooting hybrid identity, including Active Directory, Azure AD, and technologies such as Azure AD Connect and Azure AD Password Protection.
● Utilizing SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, and QRadar.
● Utilizing Microsoft Security solutions: endpoint security, cloud security, and identity.
● Security software deployment at scale, including troubleshooting and support for various identity platforms and solutions.
● Analyzing security telemetry in relation to alerts and incidents.