Catapult Consultants is now hiring a Principal Cyber Network Security Analyst to support one of our customers.Key Responsibilities: Perform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (ie netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types)Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusionsAnalyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activityLeverage lightweight programming/scripting skills to automate data-parsing and simple analyticsDocument key event details and analytic findings in analysis reports and incident management systemsIdentify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletinsAssess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systemsRecommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data typesDevelop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performanceFuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysisProvide technical assessments of cyber threats and vulnerabilitiesCommunicate and collaborate with analysts from other SOC organizations to investigate cyber eventsProduce final reports and review incident reports from junior analystsMonitor and report on trends and activity on network sensor platformsProduce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.)Basic Qualifications: To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats and exploitation, authentication & access control technologies, threat intelligence data and sources, WHOIS and DNS referential data and sources, intrusion detection/prevention capabilities, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc)Working knowledge of networking concepts, protocols and architectures (OSI-model, TCP/IP, major application protocols such as DNS/HTTP/SMTP, LAN/WANs, VPNs, routers/routing, addressing, etc)Detailed knowledge of intrusion detection engines, capabilities and signature formats in general, with a specific focus on Snort/Sourcefire variations and regular expressions (REGEX)Knowledge of cyber policy & issues, the global cyber community, roles of major organizations how they interrelate and interact, and challenges in these structuresAwareness of the common cyber products and services, an understanding of their limitations, and a comprehensive understanding of the disciplines of cybersecurityAbility to produce results in a fast-paced environment with the ability to meet iterative deadlinesPreferred Skills: Candidates with these preferred skills will be given preferential consideration:Experience working within the Federal government technology community a plusDODD 8570 Level II certification (SANS certifications, CISSP)Experience leading and managing within SOC/NOC operationsFamiliarity with Kill Chain for incident responseFamiliarity with incident response products and best practicesExperience with database (eg MS Access, SQL) and/or portal administration (eg SharePoint)Required Education and years of experience: Bachelors Degree in Computer Science or a related technical field and a minimum of 5 years related technical experience. An additional 4 years of experience may be substituted in lieu of degreeClearance Level: Active Top Secret Security Clearance with SCI eligibility is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employmentPowered by JazzHRDv4XDsW8UKby Jobble