Cyber Threat Hunter (Mid-Level) - Public Trust
Company: cFocus Software Incorporated
Location: Washington
Posted on: November 8, 2024
Job Description:
cFocus Software seeks a Cyber Threat Hunter (Mid-Level) to join
our program supporting United States Courts, Information Technology
Security Office in Washington, DC. This position requires US
Citizenship and the ability to obtain a Public Trust clearance.
Qualifications:
- Bachelor's Degree or equivalent experience in a computer,
engineering, or science field.
- Ability to obtain a Public Trust clearance.
- US Citizenship
- Hold active certifications such as GCIA or GCIH or GSEC or
GMON, and Splunk Core Power User.
- 5+ years of relevant experience.
Duties:
- Identify, deter, monitor, and investigate computer and
network intrusions.
- Provide computer forensic support to high technology
investigations in the form of evidence seizure, computer forensic
analysis, and data recovery.
- Monitor and assess complex security devices for patterns and
anomalies from raw events (DNS, DHCP, AD, SE logs), tag events for
Tier 1 & 2 monitoring.
- Conduct malware analysis in out-of-band environment (static and
dynamic), including complex malware.
- Accept and respond to government technical requests through the
AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt
support.
- Threat hunt targets include cloud-based and non-cloud-based
applications such as Microsoft Azure, Microsoft O365, Microsoft
Active Directory, and Cloud Access Security Brokers (e.g.,
Zscaler).
- Review and analyze risk-based Security Information and Event
Management (SIEM) alerts when developing hunt hypotheses.
- Review open-source intelligence about threat actors when
developing hunt hypotheses.
- Plan, conduct, and document iterative, hypothesis-based
tactics, techniques, and procedures (TTP) hunts utilizing the agile
scrum project management methodology.
- At the conclusion of each hunt, propose, discuss, and document
custom searches for automated detection of threat actor activity
based on the hunt hypothesis.
- Configure, deploy, and troubleshoot Endpoint Detection and
Response agents (e.g., Crowdstrike and Sysmon).
- Collect and analyze data from compromised systems using EDR
agents and custom scripts provided by the AOUSC.
- Track and document cyber defense incidents from initial
detection through final resolution.
- Interface with IT contacts at court or vendor to install or
diagnose problems with EDR agents.
- Participate in government led after action reviews of
incidents.