Job Description
The Incident Response Analyst will support our law enforcement customer by providing cyber situational awareness and threat monitoring services. Responsibilities include monitoring, event detection, and threat reporting for the DOJ’s enterprise networks and systems. User Activity Monitoring (UAM) support will be provided to improve, expand, operate, and maintain the products used to implement the Insider Threat Prevention and Detection Program. The contractor shall analyze threats against the environment and implement a metrics-based method of providing situational awareness.
The contractor will also create complex correlation rules and/or triggers in the Enterprise Security Incident Event Management (SIEM) system(s), based on correlations made from multiple log sources. Change requests will be developed and documented to improve the efficiency and effectiveness of DOJ capabilities to detect, analyze, and report events and incidents. The Incident Response Analyst will engage with stakeholders to determine solutions to protect sensitive DOJ information and engage with product vendor technical teams to resolve issues and track requirements. They will also define, advance, and drive implementation of UAM to support DOJ’s strategic direction.
About Tyto Athene
Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success.