Cyber Incident Response Cover Letter

I submit this application to express my sincere interest in the cyber incident response position.

In my previous role, I was responsible for strategic technical and operational guidance to the SOC/CIRT; accountable for oversight of security monitoring, event analysis, triage/escalation, and incident response teams and activities.

Please consider my experience and qualifications for this position:

• Conduct root cause analysis to identify gaps and recommendations ultimately remediating risk
• Gather and analyze forensic evidence for computer security incidents
• Experience in conducting time-sensitive, single-topic threat analyses
• Demonstrable knowledge and documented experience relating to cyber intelligence threat analysis involving actual and alleged instances of information collection or physical damage/ system compromise
• DoD 8570 IAT III certification and CND-Analyst
• Experience leading large heterogeneous enterprises with global reach
• Executive level technical writing-comfort developing reports/briefs for ELT and BoD
• Subject Matter Expert knowledge of Defense-in-Depth models traditional and updated

I submit this application to express my sincere interest in the cyber incident response position.

In the previous role, I was responsible for detection and response to security events and incidents within the Bechtel Enterprise Network.

Please consider my qualifications and experience:

• Understanding of SIEM architecture and fundamentals of data correlation
• Experience writing formal reports and informational briefings
• Strong logic skills regarding the interconnectivity of systems, software and networks
• Familiarity with log analysis
• Demonstrated experience managing experienced staff in the implementation of the Information Security strategy
• Demonstrated experience in the identification, plan for resolution and execution of action plans for complex problems in a regulated environment
• Demonstrated experience with networks (WAN, LAN, WLAN), network domains (Internet, intranet, DMZ), communication techniques/protocols (IP and others), and their combined effects on network and host systems security
• Current CISSP, SSCP, GCIA, Security+, Network+, or Certified Ethical Hacker (CEH) Certification preferred

In response to your job posting for cyber incident response, I am including this letter and my resume for your review.

Previously, I was responsible for support responding to alerts and entering trouble tickets, monitor for network security events, complete pre-defined security analysis activities, perform Level 1 security diagnostics and escalate issues according to standard operating procedures.

I reviewed the requirements of the job opening and I believe my candidacy is an excellent fit for this position. Some of the key requirements that I have extensive experience with include:

• Subject Matter Expert knowledge of developing highly functional operational teams that execute at exceptional levels
• Active DOD Top Secret clearance or above
• Experience and proficient knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services
• Experience implementing security procedures and standards
• Manage and oversee incident detection, containment, eradication, and recovery procedures
• Leverage Service Monitoring, Application Monitoring Technology Infrastructure teams to develop a holistic view through the aggregation and distribution of security information
• Creates value and opportunity by leveraging innovative approaches and personally invests in driving superior results
• Threat analysis and research techniques

I would like to submit my application for the cyber incident response opening. Please accept this letter and the attached resume.

In the previous role, I was responsible for guidance on network incident investigations to determine the root cause of the security incident and preserving evidence for potential legal action.

I reviewed the requirements of the job opening and I believe my candidacy is an excellent fit for this position. Some of the key requirements that I have extensive experience with include:

• How to develop briefs for InfoSec leadership
• How to prioritize and perform quick risk assessments
• How to read technical reports and drive decisions based on their content
• Technical skills necessary analyze malware, hard drives and adversary techniques and tools
• Exposure to all other groups within InfoSec and IT
• Exposure to malware and malware analysis techniques (PCAPs, API hooks, IDA Pro, Win Hex)
• Experience with programming in Python 2/3 —knowledge of Ruby and C/C++ a bonus
• Experience working with common data formats (XML, JSON)

I am excited to be applying for the position of cyber incident response. Please accept this letter and the attached resume as my interest in this position.

Previously, I was responsible for insights and guidance to the Cyber Security Department, Global Security Operations Center (G-SOC), Incident Response, Security Solution Engineering, and Governance & Project Delivery teams.

I reviewed the requirements of the job opening and I believe my candidacy is an excellent fit for this position. Some of the key requirements that I have extensive experience with include:

• Experience working with commercial and open source security tools - Penetration testing experience
• Working knowledge of Cybersecurity tools (IPS, AV, Firewall)
• Experience with operations processes, such as Six Sigma and a strong understanding of incident, problem, and change management is preferred
• GIAC Network Forensic Analyst (GNFA)
• Supporting our customers in proactively planning for and defending against a variety of cyber threats using both commercial and custom technology and threat intelligence sources
• Performing in-depth forensic analysis on captured logs, network traffic collections, volatile memory or host images to identify and trace breach indicators and develop actionable threat intelligence
• Forensically securing, preserving, and capturing volatile or physical disk data from workstations, laptops, servers, and network infrastructure devices thereby establishing that the evidential integrity of the data is not compromised
• Drafting reports and presentations to explain our findings and recommendations