isecjobs.com

Cyber Threat Hunter (Senior) - Public Trust

Washington, DC

Applications have closed
cFocus Software Incorporated logo

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

View all jobs at cFocus Software Incorporated

Find more jobs like this Jobs in the United States

cFocus Software seeks a Cyber Threat Hunter (Senior) to join our program supporting United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship and the ability to obtain a Public Trust clearance.

Qualifications:
  • Bachelor’s Degree or equivalent experience in a computer, engineering, or science field.
  • Ability to obtain a Public Trust clearance.
  • US Citizenship
  • Hold active certifications such as GCIA or GCIH or GSEC or GMON, and Splunk Core Power User.
  • 7+ years of relevant experience.

Duties:
  • Lead Threat Hunt team provides oversight and be responsible for event investigation and tracking activities.
  • Identifies, deters, monitors, and investigates computer and network intrusions.
  • Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery.
  • Monitor and assess complex security devices for patterns and anomalies from raw events (DNS, DHCP, AD, SE Logs), tag events for Tier 1 & 2 monitoring.
  • Conduct Malware analysis in out-of-band environment (static and dynamic), including complex malware.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support.
  • Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
  • Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
  • Review open-source intelligence about threat actors when developing hunt hypotheses.
  • Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
  • At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
  • Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., Crowdstrike and Sysmon).
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
  • Participate in government led after action reviews of incidents.
  • Triage malware events to identify the root cause of specific activity.
  • Attend daily Agile Scrum standups and report progress on assigned Jira stories.
Find more jobs like this Jobs in the United States

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0
Category: Threat Intel Jobs

Tags: Active Directory Agile Azure Clearance Cloud CrowdStrike Cyber defense DNS EDR GCIA GCIH GSEC Jira Malware Monitoring Scrum SIEM Splunk

Perks/benefits: Team events

Region: North America
Country: United States

More jobs like this

« Back to job search To the top ↑

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

Information Systems Security Officer jobsSenior Cloud Security Engineer jobsInformation System Security Officer jobsSenior Cybersecurity Engineer jobsInformation Security Specialist jobsInformation Security Manager jobsSenior Network Security Engineer jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Penetration Tester jobsIT Security Analyst jobsSenior Cyber Security Engineer jobsSystems Engineer jobsChief Information Security Officer jobsSystems Administrator jobsStaff Security Engineer jobsInformation System Security Officer (ISSO) jobsPrincipal Security Engineer jobsThreat Intelligence Analyst jobsSenior Product Security Engineer jobsCloud Security Architect jobsInformation Systems Security Engineer jobs
GDPR jobsEncryption jobsPowerShell jobsDevSecOps jobsEDR jobsSaaS jobsIDS jobsSplunk jobsSDLC jobsRMF jobsIPS jobsTop Secret jobsSQL jobsIntrusion detection jobsBash jobsThreat detection jobsActive Directory jobsCompTIA jobsDoDD 8570 jobsITIL jobsOWASP jobsDocker jobsBanking jobsCRISC jobsUNIX jobs
Finance jobsTCP/IP jobsClearance Required jobsGIAC jobsCISO jobsIndustrial jobsTerraform jobsHIPAA jobsIT infrastructure jobsSOC 2 jobsSANS jobsJavaScript jobsVPN jobsOSCP jobsCCSP jobsMITRE ATT&CK jobsSOAR jobsJira jobsDNS jobsSOX jobsData Analytics jobsPolygraph jobsNIST 800-53 jobsGCIH jobsSecurity strategy jobs