Senior Threat Hunter
Washington, DC
⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️
cFocus Software Incorporated
Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.
cFocus Software seeks a Threat Hunter to support the Administrative Offices of the United States Courts (AOUSC) in Washington, DC. This position will require 4 days a week onsite at the Thurgood Marshall Building and 1 day remote with hours of 8am- 4:30pm.
Required Qualifications include:
Duties and Responsibilities:
Required Qualifications include:
- Ability to obtain a Public Trust
- 5 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
- 5 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security.
- 5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike) and custom scripts (e.g. Sysmon & Auditd)
- 5 years of experience with the following threat hunting tools:
- Microsoft Sentinel for threat hunting within Microsoft Azure;
- Tenable Nessus and SYN/ACK for vulnerability management;
- NetScout for analyzing network traffic flow;
- SPUR.us enrichment of addresses
- Mandiant Threat intel feeds
- Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
- One of the following certifications:
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Continuous Monitoring (GMON)
- GIAC Defending Advanced Threats (GDAT)
- Splunk Core Power User
Duties and Responsibilities:
- Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting.
- The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric. The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations/ vulnerabilities, and identify visibility/detection gaps, if any. Human analytical thinking is imperative to the primary and extended missions as it is up to the threat hunter to find signs of an intrusion that have bypassed the automatic detection process that may already be in place.
- Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
- Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
- Review open-source intelligence about threat actors when developing hunt hypotheses.
- Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
- At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
- Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
- Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
- Track and document cyber defense incidents from initial detection through final resolution.
- Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
- Participate in government led after action reviews of incidents.
- Triage malware events to identify the root cause of specific activity.
- Attend daily Agile Scrum standups and report progress on assigned Jira stories.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
0
0
Category:
Threat Intel Jobs
Tags: Active Directory Agile Azure Cloud CrowdStrike Cyber defense EDR GCIA GCIH GIAC Incident response Jira Malware Monitoring Nessus Scrum Sentinel SIEM Splunk Vulnerabilities Vulnerability management
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Cybersecurity Engineer jobsSenior Security Analyst jobsSenior Information Security Analyst jobsSystems Administrator jobsSenior Cloud Security Engineer jobsInformation System Security Officer jobsCyber Security Specialist jobsSecurity Operations Engineer jobsSenior Product Security Engineer jobsInformation Security Manager jobsSenior Network Security Engineer jobsInformation System Security Officer (ISSO) jobsSenior Information Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsInformation Systems Security Engineer jobsSenior Software Engineer jobsNetwork Engineer jobsIT Security Engineer jobsCyber Threat Intelligence Analyst jobsCybersecurity Specialist jobsSecurity Operations Analyst jobsSoftware Engineer jobs
EDR jobsSecurity assessment jobsBash jobsEncryption jobsTS/SCI jobsThreat detection jobsSDLC jobsRMF jobsTerraform jobsIDS jobsSplunk jobsSQL jobsITIL jobsMalware jobsTop Secret jobsCompTIA jobsIPS jobsForensics jobsFinance jobsSOC 2 jobsOWASP jobsDocker jobsActive Directory jobsGIAC jobsClearance Required jobs
CRISC jobsOSCP jobsMITRE ATT&CK jobsDoDD 8570 jobsHIPAA jobsIntrusion detection jobsTCP/IP jobsVPN jobsCCSP jobsZero Trust jobsSOAR jobsDNS jobsIT infrastructure jobsJavaScript jobsAnsible jobsUNIX jobsNIST 800-53 jobsJira jobsKPIs jobsIndustrial jobsBanking jobsMachine Learning jobsSANS jobsData Analytics jobsSOX jobs