Cyber Threat Hunter (Mid-Level) at cFocusSoftware Incorporated
Washington, District of Columbia, United States -
Full Time


Start Date

Immediate

Expiry Date

05 Apr, 26

Salary

0.0

Posted On

05 Jan, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cyber Threat Hunting, Computer Forensics, Malware Analysis, Security Information and Event Management, Endpoint Detection and Response, Data Recovery, Threat Intelligence, Agile Scrum, Cloud Security, Incident Response, Risk Assessment, Technical Support, Evidence Seizure, Data Analysis, Custom Searches, Tactics Techniques and Procedures

Industry

Information Technology & Services

Description
cFocus Software seeks a Cyber Threat Hunter (Mid-Level) to join our program supporting USDOT in Washington, DC. This position has remote capabilities. This position requires an active Public Trust clearance and must meet 8570 requirements. Qualifications: Bachelor’s Degree or equivalent experience in a computer, engineering, or science field. Active Public Trust clearance. 8570 Compliant (Security+ CE) Hold active certifications such as GCIA or GCIH or GSEC or GMON, and Splunk Core Power User. 5+ years of relevant experience. Duties: Identifies, deters, monitors, and investigates computer and network intrusions. Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery. Monitor and assess complex security devices for patterns and anomalies from raw events (DNS, DHCP, AD, SE logs), tag events for Tier 1 & 2 monitoring. Conduct malware analysis in out-of-band environment (static and dynamic), including complex malware. Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler). Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses. Review open-source intelligence about threat actors when developing hunt hypotheses. Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology. At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis. Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., Crowdstrike and Sysmon). Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Track and document cyber defense incidents from initial detection through final resolution. Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents. Participate in government led after action reviews of incidents. Triage malware events to identify the root cause of specific activity. Attend daily Agile Scrum standups and report progress on assigned Jira stories.
Responsibilities
The Cyber Threat Hunter will identify, deter, monitor, and investigate computer and network intrusions while providing forensic support for high technology investigations. They will also conduct malware analysis and respond to government technical requests for threat hunt support.
Loading...