Incident Response Specialist

GRIMM Cyber

Greenbelt · On-site · Full-time · Senior · $110k – $150k/yr · 3d ago

About the role

About GRIMM Cyber

GRIMM Cyber, a market leader in offensive and defensive tailored cyber security solutions for commercial and government applications, is hiring Incident Response Specialists to help defend NASA enterprise networks against global cyber threats. Since 2013, GRIMM has delivered cybersecurity testing and research to harden avionics and satellite platforms, commercial products and applications, and Federal IT networks to improve cyber resilience. We are looking to grow our team of cyber security professionals committed to client excellence, professional development, and growing technical knowledge for real-world applications.

Value for Candidates

  • A very cool mission - you protect the networks and systems that will put Americans back on the Moon
  • Strong benefits, from full Blue Cross health insurance to training / annual up-skill budget
  • Contract can sponsor and support TOP SECRET/SCI clearances, but not required to start or conduct work - you choose your adventure
  • Small team efficiency, minimal overhead, both with our customer and within GRIMM

Role Description

This position is for onsite/in-office delivery of Incident Response (IR) services local to NASA Goddard Space Flight Center (GSFC), in Greenbelt, MD. The Incident Response Specialist will handle cybersecurity incidents, including situational awareness, detection, containment, and response actions. Day-to-day responsibilities include monitoring security alerts, conducting digital forensic investigations, developing strategies for threat mitigation, and creating detailed incident reports. The role requires collaboration with cross-functional teams to ensure the system's defenses are maintained and continuously improved. The specialist will work closely with security teams to develop, tune, automate, and enhance network and host-based security devices; support the Security Operations Center (SOC) with managing the response to client cyber intrusions; perform extensive network and host triage; and maintain strict chain of custody.

Key Qualifications

We choose curiosity, people who love to tinker and iterate.

  • 10+ years of experience in cyber security or information technology disciplines
  • 3+ years of Advanced Persistent Threat (APT) hunting, penetration testing, digital forensics, malware reverse engineering, SOC operations, or incident response
  • Familiarity with IR tools such as SentinelOne, Splunk, or Microsoft Defender
  • Active or current SECRET security clearance
  • Excellent problem-solving, analytical, and organizational skills
  • Ability to work collaboratively in high-pressure environments
  • Bachelor's degree

Stand-out Qualifications

Apply even if you don't fit all of these; we believe in finding the right people and adding qualifications along the way.

  • OSCP, CCNA-Security, CySA+, GCIH, GICSP, or PenTest+ certification, or a similar industry-recognized certification
  • Detect and search for MITRE ATT&CK TTPs and common attacker methodologies using PCAP data with tools such as Wireshark
  • Analyze Security Information and Event Management (SIEM) alerts to identify security issues for investigation and remediation
  • Profile and track malicious actors that pose a threat in coordination with threat intelligence support teams
  • Review and analyze security log files from various sources, including cloud, network, endpoint, or ICAM
  • TS/SCI clearance

Salary

Base salary range: $110,000 - $150,000

Skills

Microsoft Defender, Splunk, SentinelOne, Wireshark
