Duties and Responsibilities: The Enterprise Assurance Incident Response Team's (EAIRT) duties include developing, implementing, managing, and maintaining a highly efficient EITS Enterprise-wide incident response capability to provide reporting, response, analysis, and recovery The EAIRT will coordinate reported EITS incidents with appropriate DOE entities to include JC3-CIRC, CTFO, and CFL The EAIRT also responds to EITS-managed systems infected with computer viruses, malware, and related threats and provides technical assistance in clearing unclassified systems contaminated with classified data They escalate key incidents to the Tier III incident management groups and support Tier III incidents as requested Support Qualifications: A Bachelor's degree in Engineering, Computer Science, or a mathematics-intensive discipline that provides substantial knowledge and skill in engineering large, complex projects with a minimum 10 to 15 years of intensive, progressive, and relevant experience MSCE, RHCE, GCIH, or CISSP Certifications are preferred Strong oral and written communication skills Experience working with Incident Response involving threat actors and working ongoing pervasive intrusion sets Prior experience working in one of the following: Leveraging common scripting languages (like Perl) to parse logs, automate processes, and integrate systems Providing Network Security Monitoring support as part of the 24x7 Security Operations Center Experience performing 'deep dive' analysis and correlation of log data from multiple sources Performing day-to-day system analyst activities for enterprise cyber security solutions Experience in computer network defense and in-depth technical knowledge / mastery with intrusion detection systems Technical Requirements: Experience with McAfee ePolicy Orchestrator Strong understanding of TCP/IP networking including knowledge of protocols and services Capable of interpreting packet captures Administrator-level knowledge of OS basics Prior experience leveraging common scripting languages (Visual Basic, Power Shell, BASH, and Perl) to parse logs and automate repeatable procedures Experience with log analysis, event correlation, and incident management procedures and systems Desired Background (some of the following): IT Operations experience Experience monitoring web proxies Prior experience writing and maintain technical system documentation, software development guides, standard operating procedures, and configuration management guides An ideal candidate will have an aptitude for learning; be self-directed; and capable of working in a fast paced operational environment