Cyber Hunt & Incident Response Analyst
Location: Arlington, VA
Full-time or Part-time: Full Time
Requisition Code:201806-1333
Job Description

Cyber Hunt & Incident Response Analyst – TO 31

• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.

• Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, the SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.

• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

• Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.

• Track and document CND hunts and incidents from initial detection through final resolution.

• Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use the discovered data to enable mitigation of potential CND incidents within the enterprise and to inform hunts.

• Perform forensically sound collection of forensic images and inspect them to determine possible mitigation/remediation on enterprise systems.

• Perform real-time CND hunt and incident handling tasks (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Hunt and Incident Response Teams (IRTs).

• Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.

• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

• Utilize data analytics tools including Splunk to make sense of machine data in performing responsibilities.

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

• May be required to travel up to 25% of time.

Minimum Qualifications:

• Bachelor’s degree in a technical discipline with a minimum of 3 years related technical

• Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

• Familiar with network analytics including NetFlow/PCAP analysis.

• Understanding of cyber forensics concepts, including malware analysis and threat hunting.

• Understanding of how both Windows and Linux systems are compromised.

Preferred Qualifications:

• DHS Suitability at the SCI level

Abilities Required:
• While performing the duties of this job the employee is regularly required to sit and use hands to finger, handle, or feel while typing at a computer keyboard.
• The employee is occasionally required to stand, walk, reach, or lift objects up to 10 pounds.
• The employee is frequently required to talk or hear. The vision requirements include: close vision.
EEO Statement
Catapult Consultants is an Equal Opportunity Employer. We believe that every employee has the right to work in a dignified work environment free from all forms of discrimination and harassment. It’s our policy to recruit, employ, retain, compensate, train, promote, discipline, terminate and otherwise treat all employees and job applicants based solely on qualifications, performance, and competence. This policy reflects our belief that providing equal opportunities for all employees is both our legal and moral responsibility, and good management practice.

All employees and applicants are treated without regard to age, sex, color, religion, race, national origin, citizenship, veteran status, current or future military status, sexual orientation, gender identification, marital or familial status, disability or any other status protected by law.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.