Threat Hunt Analyst (w/ active TS)

Ashburn, VA 20147, USA

Critical Solutions

Critical Solutions specializes in providing expert cyber security services in the areas of automation, integration and research development.

View all jobs at Critical Solutions

Apply now Apply later

Threat Hunt Analyst (w/ active TS)

Location: Ashburn, Virginia
Clearance: Top Secret
Full-Time/ On-site


JOB DESCRIPTION

Critical Solutions has an immediate need for an experienced Cyber Threat Hunt Analyst to support our federal program customer in Ashburn, VA.

The Cyber Threat Hunt Analyst will be responsible for in-depth technical analysis of network and endpoint logs & activity, executing various types of cyber threat hunts on various agency assets, escalating findings as deemed appropriate, and authoring technical reports summarizing operations and findings in support of the protection of the customers' systems, networks, and assets.


PRIMARY ROLES AND RESPONSIBILITIES:

  • Create Threat Models to better understand the Agency IT Enterprise, identify defensive gaps, and prioritize mitigations
  • Author, update, and maintain SOPs, playbooks, work instructions
  • Utilize Threat Intelligence and Threat Models to create threat hypotheses
  • Plan and scope Threat Hunt Missions to verify threat hypotheses
  • Proactively and iteratively search through systems and networks to detect advanced threats
  • Analyze host, network, and application logs in addition to malware and code
  • Prepare and report risk analysis and threat findings to appropriate stakeholders
  • Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
  • Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise

BASIC QUALIFICATIONS:

  • Possess an active Top-Secret Clearance and be able to favorably pass a 5-year Agency background investigation (BI)
  • BS degree or equivalent and 2+ years of prior relevant experience, or a master's with less than 2 years, in order to operate within the scope contemplated by the level.
  • Experience in the areas of incident detection and response, malware analysis, or computer forensics.
  • Must have one of the following certifications: CCFP, CCNA, CCNP, CEH, CHFI, CISSP, CIRC, ECES, ECIH, ECSA, ECSS, EnCE, ENSA, FIWE, GCFA, GCFE GCIH, GISF, GNFA, GREM, GWEB, GXPN, LPT, OSCE, OSCE, OSCP, OSEE, OSWP, WFE-E-CI, FTK-WFE-FTK, CySA+, CLNP, CompTIA PenTest+, GCTI, GOSI, CTIA, CSAP, Splunk Core Certified Advanced Power User, Splunk Core Certified Consultant, Splunk SOAR Certified Automation Developer

PREFERRED QUALIFICATIONS:

  • Expertise in network and host-based analysis and investigation
  • Demonstrated experience planning and executing threat hunt missions
  • Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
  • Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols
  • Familiar with operation of both Windows and Linux based systems
  • Proficient with scripting languages such as Python or PowerShell
  • Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
  • Demonstrated experience triaging and responding to APT activities.
  • Experience working with various technologies and platform such as AWS, Azure, O365, containers, etc.
  • Understanding of current cyber threat landscape, the different tactics commonly used by adversaries and how you would investigate, contain and recover against their attacks.

LOCATION:

  • On-site. Ashburn, VA
  • Must be able and willing to commute to work location.

ADDITIONAL INFORMATION:

Clearance Requirement: Must be a US Citizen and possess an active Top-Secret Clearance. In addition to specific security clearance requirements, selected candidate must undergo background investigation and finger printing by the federal agency and successfully pass the preceding to qualify for the position.

CRITICAL SOLUTIONS PAY AND BENEFITS:

Salary range $135,000 - $173,000. The salary range for this position represent the typical salary range for this job level and this does not guarantee a specific salary. Compensation is based upon multiple factors such as responsibilities of the job, education, experience, knowledge, skills, certifications, and other requirements.

BENEFIT SNAPSHOT: 100% premium coverage for Medical, Dental, Vision, and Life Insurance, Supplemental Insurance, 401K matching, Flexible Time Off (PTO/Holidays), Higher Education/Training Reimbursement, and more.


Apply now Apply later
Job stats:  2  1  0

Tags: APT Automation AWS Azure Business Intelligence CCNP CEH CHFI CISSP Clearance CompTIA DNS ECSA EnCE Firewalls Forensics GCFA GCFE GCIH GCTI GNFA GREM GXPN Linux Malware OSCE OSCP OSEE OSWP PowerShell Python Risk analysis Scripting Security Clearance SOAR Splunk Threat detection Threat intelligence Top Secret Windows

Perks/benefits: 401(k) matching Flex hours Flex vacation Health care

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.