Cyber Threat Hunt Analyst

About The Position

Requirements

• Have a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field with 8 years of work experience. Additional years of experience are accepted in lieu of degree.
• Possess a minimum of 5 years of professional experience in incident detection and response, malware analysis, or cyber forensics.
• Have 2+ years recent experience with host-based and network-based security monitoring using cybersecurity capabilities.
• Must be experienced developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other.
• Established experience with incident response and SIEM tools, host-based logs, network-based logs, and regex.
• Ability to work independently with minimal direction; self-starter/self-motivated.
• Required certifications: The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+) CompTIA Linux Network Professional (CLNP) CompTIA Pentest+ CompTIA Cybersecurity Analyst (CySA+) GPEN – Penetration Tester GWAPT – Web Application Penetration Tester GSNA – System and Network Auditor GISF – Security Fundamentals GXPN – Exploit Researcher and Advanced Penetration Tester GWEB – Web Application Defender GNFA – Network Forensic Analyst GMON – Continuous Monitoring Certification GCTI – Cyber Threat Intelligence GOSI – Open Source Intelligence OSCP (Certified Professional) OSCE (Certified Expert) OSWP (Wireless Professional) OSEE (Exploitation Expert) CCFP – Certified Cyber Forensics Professional CISSP – Certified Information Systems Security CEH – Certified Ethical Hacker CHFI – Computer Hacking Forensic Investigator LPT – Licensed Penetration Tester CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst) ENSA – EC-Council Network Security Administrator ECIH – EC-Council Certified Incident Handler ECSS – EC-Council Certified Security Specialist ECES – EC-Council Certified Encryption Specialist
• All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation
• The candidate must currently possess a Top Secret Clearance with the ability to obtain a Top Secret/SCI Clearance

Nice To Haves

• A minimum of 7 years of hands-on experience with experience in the last 2 years that includes host-based and network-based security monitoring using cybersecurity capabilities.
• Previous DOD, IC or Law Enforcement Intelligence or Counterintelligence Training/Experience
• Demonstrated experience planning and executing threat hunt missions.
• Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers.
• Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols
• Familiarity with operation of both Windows and Linux based systems.
• Proficient with scripting languages such as Python or PowerShell
• Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)

Responsibilities

• Will conduct cyber threat analysis, identifying mitigation and/or remediation courses of action; developing actionable intelligence used to protect organizational IT assets; and trending cyber threat metrics for leadership situational awareness.
• Utilize Threat Intelligence and Threat Models to create threat hypotheses for threat hunts.
• Identify, track, and investigate high priority threat campaigns, malicious actors with the interest, capability and Tactics, Techniques, and Procedures (TTPs).
• Utilize Cyber Threat Intelligence to execute ad hoc threat hunts on agency assets, networks, and systems to identify threat activity that may evade endpoint detection tools.
• Utilize the MITRE ATT&CK framework to understand TTPs of adversaries, threat actors, APTs, and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques.
• Responsible for maintaining a comprehensive understanding of the cyber threat landscape, including identifying and analyzing cyber threats actors and/or activities to enhance cybersecurity posture of the organization’s IT operating environment.
• Prepare and report risk analysis and threat findings to appropriate stakeholders.
• Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
• Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise.
• Plan, scope, and execute Threat Hunt Missions to verify threat hypotheses, deconflict findings, and escalate as necessary.
• Proactively and iteratively search through systems and networks to detect advanced threats.
• Analyze host, network, and application logs in addition to malware and code.
• Will be responsible for developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other type most appropriate for the task.
• Produce high quality technical and non-technical products, briefings, whitepapers, etc., with minimal supervision and emphasis on effective/accurate reporting on product topics.
• Maintain the daily battle rhythm for the Cyber Threat Hunt team with an emphasis on adherence to deadlines, attention to detail, and clear/concise communication with the customer and stakeholders.
• Implementing defined procedures for remediation or make an informed decision to escalate.
• Maintain the daily battle rhythm of threat hunts and Cyber Threat Hunt reporting.
• Author technical and non-technical reports and briefings to ensure leadership awareness of findings and observations.
• Create daily, weekly, and monthly reports and metrics for products and briefings.
• Process technical data from various sources and fuse the data with intelligence reporting to improve the security posture of the customer, as well as manage Threat Hunt tools.

Benefits

• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.