Threat Hunt Analyst

03 Mar 2024
Stennis Space Center, Mississippi 39522, USA

SBD is looking for a Threat Hunt Analyst to join our team on a large-scale cyber security operations program supporting our federal customer at Stennis Space Center, MS. The formal practice of threat hunting seeks to uncover the presence of attacker tactics, techniques, and procedures (TTPs) in support of the customer's mission of ensuring the confidentiality, integrity, and availability of the infrastructure the agency relies on to achieve its mission. The Threat Hunt Analyst shall apply the proper techniques and procedures for the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody.

Responsibilities:
  • Provide Monday - Friday, as well as after hours on call support as needed, to detect, analyze, and mitigate targeted, highly organized or sophisticated threats
  • Provide recommendations and produce consistent comprehensive reports on findings
  • Advanced traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks
  • Implementation, training, and SOP development and maintenance of implemented solutions
  • In-depth web log analysis to determine trends, patterns, and suspicious activity
  • Pattern analysis, trend analysis, behavior analysis and other specialized analysis
  • Identify and develop enhancement opportunities while investigating and reporting on cyber policy trends and issues
  • Search for activity consistent with the presence of an advanced persistent threat (APT)
  • Design, deploy, and manage deception technologies (e.g. honeypots, lures, traps)
  • Design and implement a structured approach to assessing the ability of the customer's applications to indicate anomalies, provide recommendations to close gaps, and assist in the implementation of those recommendations (e.g. providing sample configs for logs, application settings, etc.)
  • Coordinate with the SOC to implement constant assessment of key risk areas (e.g. public facing interfaces, databases containing sensitive data)
  • Provide support to enhance Cyber requirements analysis and tracking process

Required Experience:
  • APT detection and prevention products such as FireEye HX, Cisco Advanced Malware Detection, ThreatGrid, Exabeam, etc.
  • Creating operating system baselines, verification of operating system services and applications in order to identify malicious anomalies. Linux/Unix operating systems and file system knowledge is useful. Strong knowledge/experience with Windows servers, domain controllers, databases, group policy management and network filtering (firewalls)
  • Performing NETFLOW or PCAP analysis using Wireshark, Cisco Stealthwatch, AWS VPC Flow logs, etc.
  • Real time security event monitoring, statistical analysis and detection of event anomalies and event analytics with Splunk
  • Forensic re-creation and documentation of a malware attack/breach from initial injection/exposure to malware, compromise and proliferation of threat across systems and removal/cleanup of a malware incident
  • Strong experience with network, live system, sandbox static and RAM/memory forensic malware analysis

Required Qualifications / Experience:
  • U.S. citizenship is required, along with the ability to obtain a federal agency-specific Public Trust (EOD) clearance prior to starting
    • All applicants must have resided within the United States for at least 3 of the last 5 years
  • Must have or be able to obtain a DoD Top Secret Clearance concurrent with employment
  • Bachelor's Degree and 3+ years of related experience
  • Must have at least two (2) active certifications: Security+CE, GCIH, ISC2 CISSP, GSE, GREM, GAWN, GCIA, GPPA, GSEC, GCED, GSLC, GSNA, GCFA, or other comparable certification which must be approved by the customer
  • Two (2) years of experience with Splunk and Wireshark
