SkyePoint Decisions
Incident Response Analyst
SkyePoint Decisions, Durham, North Carolina, United States, 27703
Incident Response Analyst Job Location US-NC-Raleigh/Durham ID 2024-2819 Job Type Contingent Upon Prime/Customer Acceptance Category Cyber and Information Security Overview SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively - anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results. As a SkyePoint employee you will be given the opportunity to support some of our nation's most critical information systems by utilizing not only your existing cybersecurity skills and talents, but those that you will learn in your new role. In your new role as a cyber security professional, you will protect our customer's most sensitive data and complex systems from all forms of threats including cyber-attacks, insider threats, rogue network devices, and malicious software and applications. You will work with a team of like-minded professionals to share and collaborate upon your ideas to improve the cybersecurity infrastructure, architecture, and configuration deployments. Your ideas and contributions will matter. This is a contingent position based upon customer approval. Responsibilities SkyePoint Decisions is seeking a highly motivated team member to fill the role of an Incident Response Analyst. This position plays a crucial role in protecting the organization's information systems and networks from cyber threats. You will be responsible for monitoring, detecting, analyzing, and responding to security incidents. This position is located in the Raleigh-Durham area but is remote, working the hours of 9:30 AM - 6:00 PM ET. Performs security incident response duties for a federal agency incident response center. Mentors junior analysts in standardized incident handling processes. Assists in the triage, investigation, and closure of incident tickets. As part of the triage and investigation processes, the individual will use various tools to determine the validity, cause, and extent of reported security incidents. Tools include intrusion detection and various threat analytics tools. Provides knowledge and expertise in tools, techniques, countermeasures, and trends in computer and network vulnerabilities and threats. Assists with creation of playbooks and standard operating procedures. Participates in rotating on call schedule for after-hours alerts/incidents. Investigating notable events from Splunk and Microsoft 365 Defender. Participate in incident response tabletop exercises. Qualifications Required Qualifications: BS or equivalent 5 years related experience, or MS 3 years related experience. Must have CompTIA Security and CompTIA Cyber Security Analyst or equivalent. Hands-on experience with Splunk Enterprise Security performing searches and reviewing log sources. Must have recent hands-on experience with incident response life cycles including analysis, containment, eradication, recovery, and post incident activities. Must be a motivated, self-starter with a passion to learn and willingness to assist other team members as needed. Must be technical, a quick learner, detailed oriented, independent, resourceful, and with an analytical mindset. Requires ability to pass a Public Trust suitability determination investigation. Preference will be made to individuals with a current or recent security clearance or Public Trust investigation. Proximity to Raleigh NC. Must be a U.S. Citizen. Preferred Qualifications: Experience using: Microsoft Security Defender Advanced Threat Protection, Microsoft Office 365, Microsoft Azure AD and Microsoft Cloud App Security. Experience in open-source tools for the use in investigating malware incidents. Experience using ServiceNow service management/ticketing system is desirable. Prior performing incident response in support of a federal government agency is desirable. Microsoft, Splunk certifications, GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), EC-Council Certified Ethical Hacker (CEH) or other senior level certifications are highly desirable. Experience with creating Splunk content, dashboards, reports, and tuning existing alerts highly desired. PowerShell, Python, etc. scripting experience is nice to have. Network Packet capture (PCAP), report writing, remote forensics, Splunk UBA and Splunk SOAR experiences are nice to have. What We Can Offer You: At SkyePoint, we go B.I.G. (beginning in GRATITUDE) by recognizing all we have and giving back to our employees, families, and communities. It instills a positive mindset that permeates all we do. By beginning in gratitude, SkyePoint can continue to spread living in gratitude each day. Great Benefits: Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched Certificate Incentive Program: To promote professional development, we recognize and reward employees who obtain new certifications aligned with business needs. SkyePoint DoD SkillBridge Industry Partner Fellowship Program Flexible Work Environment Compensation: Salary Range: TBD The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package. Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate's combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations. In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST/LT Disability, Life Insurance, and 401k matched. SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives. Please be aware of recruiting scams and people claiming to be from SkyePoint Decisions. For more information, please see the Welcome Page of our Careers site. Skyepoint Decisions is a participating E-Verify Employer. U.S. Citizenship is required for most positions. Equal Opportunity Employer/Veterans/Disabled.