Senior Cybersecurity Analyst (Threat Hunting and Pursuit)

Lakewood, CO

phia, LLC

At phia, trust us to solve the complex challenges of our connected world through top-tier cyber intelligence & threat hunting.

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is hiring a Senior Cybersecurity Analyst (Threat Hunting and Pursuit) who can think like a cyber attacker and develop and implement creative methods to detect and thwart those behaviors. You’ll use your network defense experience and analytical skills to rapidly prototype and develop scripts to create haystacks and sift through the false positives to find patterns and indicators. Work with our team of cyber threat hunting experts to find the adversary in common blind spots and advise federal customers on ways to close gaps and harden their network. This job is performed on-site in Lakewood, CO (Denver area).

What You'll Do

  • Actively hunt threats on client networks
  • Investigate SIEM and other security application logs for suspicious and malicious behaviors
  • Identify potential attack vectors and threat actor TTPs to support active network defense
  • Investigate security incidents and provide detailed overview of the event from intrusion to mitigation
  • Create behavior-based detections to monitor for suspicious and malicious activity
  • Collaborate with Cyber Threat Intelligence analysts and SOC analysts to jointly harden client networks
  • Review, improve, and implement complex network detections
  • Train and mentor junior analysts on best practices and Blue Team TTPs

Education + Requirements

  • Bachelor’s Degree
  • 12+ years of cybersecurity/information assurance experience (defense or offense)
  • Minimum of five (5) years technical experience effectively providing network and/or system administration, operations, and/or security testing and evaluation
  • Familiarity with the US Intelligence Community and using intelligence to support cyber defense/mitigation work
  • Familiarity with cyber hunt methodologies
  • Experience working cyber issues to include offensive or defensive TTPs
  • Understanding of foreign capabilities in IT or OT environments
  • Experience providing forensic and data analysis support to cyber issues
  • Experience with logging and data analysis platforms such as Kibana or Splunk
  • Experience with data forensic tools, including Wireshark, Kali tools, encoders/decoders, etc.
  • Experience working with Linux and command-line interfaces
  • Knowledge of common malware functionality and operations
  • Experience writing technical reports and briefing leadership
  • Ability to provide on-site, full-time support in a client environment

Required Certification (one or more of the following):

  • Minimum IAM or IAT Level III (e.g. one or more of CISSP, CCSP, CASP+ CE, CISM, CISA, CCNP Security, GSLC, GCED, GCIH)

Additional Preferred/Desired Certifications (or similar):

  • GIAC Certified Cyber Threat Intelligence (GCTI)
  • GIAC Security Operations Certified (GSOC)
  • GIAC Defending Advanced Threats (GDAT)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Enterprise Incident Response (GEIR)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Detection Analyst (GCDA)
  • GIAC Certified Network Forensic Analyst (GNFA)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Critical Infrastructure Protection (GCIP)
  • GIAC Response and Industrial Defense (GRID)

Security Clearance:

  • U.S. Citizenship
  • Active Top Secret required
  • An agency background check is required

Desired:

  • Experience in leading cyber exercises
  • Experience with reporting IT Security events and incidents in the time prescribed based on policies and procedures
  • Experience with effectively providing network or system administration, or computer operations
  • Experience with forensics tools, Encase, IDA PRO, or Wireshark
  • Experience with US critical infrastructure
  • Experience with analyzing ICS and SCADA traffic
  • Experience with cyber operations center environments
  • Experience with writing technical reports and briefing leadership
  • Knowledge of supporting the IC, national-level system security initiatives, and secure information, Local Area Network (LAN), and Wide Area Network (WAN) technologies
  • Knowledge of virtualization
  • Experience working in Purple Teams supporting Red and Blue Team exercises and testing
Who You Are

  • A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment
  • Intellectually curious with a genuine desire to learn and advance your career
  • An effective communicator, both verbally and in writing
  • Customer service-oriented and mission-focused
  • Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Are

phia, LLC is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance, including dental and vision
  • Short-Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.