

Incident Response & Forensic Analyst II
R7729 | Information security data recovery
Rockville, MD | Full-Time

The Incident Response & Forensic Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position will utilize organizational security tools to facilitate Threat Hunting and Detection activities. This position is 100% remote.  

Chickasaw Nation Industries, Inc. serves as a holding company with multiple subsidiaries engaged in several lines of business (Technology, Infrastructure & Engineering, Health, Manufacturing, Public Safety, Consulting, and Transportation) for the federal government and commercial enterprises. A portion of our profits is used to support Chickasaw citizens. We are proud to support the economic development and long-term viability of the Chickasaw Nation and its people. CNI offers premium benefits eligible on the first day of hire to full time employees; (Medical - Dental – Vision), Company Life Insurance, Short-Term and Long-Term Disability Insurance, 401(K) Immediate Vesting, Professional Development Assistance, Legal Aid Assistance Program, Family Planning / Fertility Assistance, Personal Time Off, and Observance of Federal Holidays.

As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act.   

ESSENTIAL REQUIREMENTS

  • Must be able to obtain and maintain a Public Trust clearance.  
  • Required certifications: Security+, Network+, Server+, Linux+ or higher level.  
  • Preferred certifications: CISSP, SANS GIAC, MCSE, CCNA, SSCP.
  • Experience with cyber threat hunting, to include hunting IOCs such as IP addresses, domains, hashes, artifacts, tools, and TTPs using efficient, accurate queries. 
  • Experience with threat detection engineering, to include assessing threats, vulnerabilities, and TTPs to write applicable detections for alerting, reporting, and continuous monitoring. 
  • Experience assessing new products, tools, and services to improve organizational security posture and fill gaps. 
  • Experience communicating and working with teams in different functional areas and collaborating with cross-functional teams to mitigate and remediate incidents, perform requests for information, and communicate threats and risk. 
  • Experience briefing senior leadership, to include writing detailed reports using clear language to communicate risks, gauge confidence, and make recommendations as necessary. 
  • Experience functioning as a team lead or other supervisory experience in cybersecurity is preferred. 
  • Experience operating within a cyber threat intelligence program, to include assessing intelligence for relevance, fidelity, risk, and impact, and incorporating threat intelligence into detections, hunts, and reporting. 
  • Experience implementing concepts from cyber threat modeling frameworks like MITRE ATT&CK and the Cyber Kill Chain in threat hunts, detection engineering, reporting, and assessment of security posture and defense gap analysis. 
  • Experience using SIEM, SOAR, and EDR tools, to include building detections, alerts, reports, dashboards, tools, and automations, as well as tuning existing features and implementing threat intelligence into platform threat intel management features. 
  • Experience with cybersecurity incident response, to include identification/validation of an incident, assessment of risk and exposure, collection and analysis of forensic artifacts, mitigation and remediation, and briefing and reporting to leadership. Past experience responding to a major incident is preferred. 
  • Proficiency with organizational security tools (e.g. Splunk, CrowdStrike, XDR, XSOAR) to facilitate Threat Hunting and Detection activities. 
  • Proficiency with SIEM tools, Splunk Enterprise Security preferred with Splunk SPL querying language skills.
  • Proficiency with EDR tools, CrowdStrike and Palo Alto XDR preferred.
  • Proficiency with IDS tools, Extrahop preferred.
  • Proficiency with SOAR tools, Palo Alto XSOAR preferred. 
  • Proficiency with vulnerability management platforms as a user, Tenable preferred. 
  • Proficiency with digital forensics tools, Encase preferred.
  • Proficient in general computer networking concepts, IP/IPv6 subnetting/CIDR, TCP/IP ports and protocols, network services, and firewalls.
  • Proficient in Microsoft Active Directory and Microsoft 365 concepts, architecture, and overall function in an enterprise environment.
  • Proficient with Microsoft Windows operating systems and command line, including PowerShell.
  • Working knowledge of Linux operating systems and command line.

KEY DUTIES AND RESPONSIBILITIES

Essential Duties and responsibilities include the following. Other duties may be assigned. 

  • Monitors IT defense perimeter and scanning infrastructure and communicates security events and incidents to applicable Computer Emergency Response Team personnel and/or management. 

  • Monitors and analyzes the output from various security perimeter monitoring devices and recommends security actions per procedures where required. 

  • Responds quickly and effectively to incidents and customer requests to a successful resolution. 

  • Exercises multi-tasking skills by managing events in multiple systems, applications, and other priorities.  

  • Collects, summarizes, and chronologically documents security event information.  

  • Manages and escalates security events according to customer service level agreements. Assists with post-mortem analysis when security breaches or viral outbreaks occur. 

  • Utilizes organizational security tools (e.g. Splunk, CrowdStrike, XDR, XSOAR) to facilitate Threat Hunting and Detection activities. 

  • Investigates and/or responds to security tool alerts and logs. 

  • Ownership of event(s) that require remediation from beginning to end resolution. 

  • Researches new and/or emerging industry threats. 

  • Recommends proactive preventative measures for new and/or existing threats. 

EDUCATION AND EXPERIENCE

Bachelor's degree and a minimum of six (6) years’ relevant experience, or equivalent combination of education/experience.

PHYSICAL DEMANDS

Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, and to reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk, stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise from computers, printers, and light traffic.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.

EOE including Disability/Vet

The estimated pay range for this role is $80K to $105K, with the final offer contingent on location, skillset, and experience. 

CNI offers a comprehensive benefits package that includes:

  • Medical
  • Dental
  • Vision
  • 401(k)
  • Family Planning/Fertility Assistance
  • STD/LTD/Basic Life/AD&D
  • Legal-Aid Program
  • Employee Assistance Program (EAP)
  • Paid Time Off (PTO) – (11) Federal Holidays
  • Training and Development Opportunities

Your application submission will be considered for all potential employment opportunities with Chickasaw Nation Industries (CNI).