Principal Threat Hunter (Principal Cyber Security Analyst)

About The Position

Requirements

• Bachelor's degree or equivalent training and experience in a computer-related field and at least 8 years of related experience.
• Experience with structured analytic techniques (e.g., Diamond Model, Cyber Kill Chain) and a proven understanding of the MITRE ATT&CK framework.
• Experience with Open-Source Intelligence (OSINT) and closed intelligence sources.
• Experience analyzing raw data points from technical security controls, including web proxy, firewalls, IPS, IDS, and enterprise antivirus solutions.
• Experience with engineering security detections and response technology integration (SOAR & SIEM) and Threat Intelligence Platform (TIP) product ingestion.
• Experience with link analysis tools.
• Familiarity with agile project management fundamentals.
• Familiarity with compliance frameworks, security best practices, and product security baselines.
• Experience using configuration management tools in a production environment.
• Strong IT background, including networking fundamentals and systems.
• Considerable organization and project management skills.
• Ability to maintain strict confidentiality.
• Effective communication skills in English, both verbally and in writing.

Responsibilities

• Develop and manage an enterprise threat hunting program.
• Support and perform all phases of the incident response life cycle: preparation, analysis, containment, eradication, remediation, recovery, and post-incident activity.
• Manage programs and oversee processes in support of cyber threat intelligence analysis.
• Mentor and train junior analysts and assist with prioritizing and completion of tasks.
• Identify and prioritize cyber threats using open and closed source research into suspicious activity.
• Maintain awareness of trends and risks affecting the organization related to geopolitics and the cyber threat landscape.
• Create and deliver written and verbal products that provide actionable intelligence to cyber defense teams and organizational leaders.
• Review current Cyber Security threat information and assist the Threat Evaluation Team with mitigating identified vulnerabilities.
• Collaborate with outside Cyber Security interests such as Counterintelligence, other DOE sites, US CERT, and law enforcement.
• Assist with data calls, FISMA reporting, compliance scanning and reporting, continuous monitoring, and compiling reports for auditors.
• Perform other duties assigned by Management.