Catapult Consultants

Incident Response Support Specialist

Remote job description

Catapult Consultants is currently looking to hire an Incident Response Support Specialist supporting one of our customers based in Morrisville, NC, but this position can also be remote.

Description:

  • The successful candidate will demonstrate ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
  • Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
  • Demonstrated solid planning and organizational skills
  • Demonstrated experience working independently and as part of a team
  • Weekday shift (M-F, 7AM-4PM) personnel can be remote.

Responsibilities:

  • Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework
  • Create and test detections written in advanced Splunk Programming Language (SPL)
  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverage tools including Splunk, Tanium, FireEye suite as part of duties performing cyber incident response analysis.
  • Act as an observer to Red Team penetration testing exercises and collaborate with the Cybersecurity Operations Center (CSOC)
  • Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation.

Experience:

  • 3+ years' experience with Incident Response, Threat Hunting, Splunk, Microsoft Defender, MITRE ATT&CK Framework, Threat Intelligence Platforms, Endpoint Security Services
  • Experience with host level scripting, e.g. PowerShell.
  • Experience with conducting threat hunts using and adhering to the MITRE ATT&CK framework.
  • Experience in working with one or more Cloud Platforms
  • Familiarity with cybersecurity operation center functions
  • Linux Administration and monitoring
  • Windows Administration and monitoring
  • Splunk experience
  • Experience with security frameworks and the ability to interpret use cases into actionable monitoring solutions

Required Skills and/or Experience:

Clearance Level: Must be eligible to obtain a sensitive clearance - Position of Public Trust - and may be required to obtain a higher security clearance.

Desired types of Skills, Knowledge, and Experience:

  • Security Information and Event Management (SIEM) systems.
  • Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
  • Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
  • Network and Host malware detection and prevention.
  • Network and Host forensic applications.
  • Web/Email gateway security technologies.
  • Sysmon.
  • Log aggregation tools.

Education Requirements:

Bachelor's degree in an information technology discipline or equivalent IT experience required.

About Catapult

Catapult Consultants is a global, professional services and management consulting company specializing in advanced business analytics and information systems solutions. We support mission-critical programs in the Defense, Civilian, and Intelligence Community sectors.

Our firm provides innovative and award-winning solutions to nationally recognized clients. Catapult Consultants utilizes our proven development and workflow methodology to support our customer base of government and non-profit clients. Our innovative solutions are designed to achieve results that improve the efficiency and effectiveness of operations. Our management team has extensive experience in all aspects of technology consulting.

Catapult consists of the highest technically qualified personnel with proven backgrounds in providing outstanding past performance and quality service to the Federal Government. Catapult's professionals have served as hands-on, working members of various Federal executive, middle management, and professional staff teams, assisting them through their complex missions.

COVID-19 considerations:
We follow the federal law requirement for all employees to be vaccinated against COVID-19. While this requirement's compliance deadline is suspended currently, we will keep our employees and applicants updated when it is resolved.
