Threat Hunter / Public Trust

About The Position

Requirements

• Bachelor’s degree and 5 years of experience, or 3 years of experience with a Master’s. An additional 4 years of experience will be considered in lieu of degree.
• Demonstrated experience in threat hunting or network/cloud forensics.
• Proven ability to develop and recommend corrective actions.
• Expertise, knowledge, and experience integrating new architectural analysis of cyber security features.
• Comfortable interfacing with external entities including law enforcement, intelligence and other government organizations and agencies.
• U.S. citizenship is required.
• Active Public Trust security clearance required.

Nice To Haves

• Experience using Databricks.
• Experience using Artificial intelligence (AI) and large language models (LLMs).
• Possess one of the following certifications: CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP
• Ability to create, troubleshoot, configure and operate complex scripting solutions with the ability to output the results in a variety of formats (e.g. HTML, XML, etc.) and to re-purpose the results for reports targeting different technical levels (e.g. other analysts, management, etc.).

Responsibilities

• Conduct technical analysis of network traffic to identify anomalies, which may represent potentially malicious activity, and document the analysis in prescribed formats.
• Monitor and understand emerging threats, and the ability to define the technical vulnerabilities and exploits that could present a threat to government networks, and then perform analysis on the emerging capabilities/exploits, and document the analysis in prescribed formats.
• Monitor IDS/IPS alerts, analyze associated network traffic, and document the analysis in prescribed formats.
• Report detected incidents to agency, work toward resolution, and escalate when required according to SOP.
• Development of detection signatures based on indicators and analysis.
• Testing of detection signatures to determine successful detection and level of false positives.
• Deployment of detection signatures based on SOPs.
• Conduct technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities.
• Assist with the development of mitigation strategies.
• Deploy to provide on-site support and assistance in the event of an exercise or cyber incident.
• Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
• Participate in inter-agency sponsored community of interest analysis groups, and technical briefings and exchanges.

Benefits

• Employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.