Cyber Threat Hunter (Mid-Level) - Public Trust
: Job Details :


Cyber Threat Hunter (Mid-Level) - Public Trust

cFocus Software Incorporated

Location: Washington,DC, USA

Date: 2024-12-03T07:34:48Z

Job Description:

cFocus Software seeks a Cyber Threat Hunter (Mid-Level) to join our program supporting United States Courts, Information Technology Security Office in Washington, DC. This position requires US Citizenship and the ability to obtain a Public Trust clearance. 4 days onsite with 1 day remote. Qualifications:

  • Bachelor's Degree or equivalent experience in a computer, engineering, or science field.
  • Ability to obtain a Public Trust clearance.
  • US Citizenship
  • Certifications: GCIA or GCIH or GSEC or GMON or Splunk Core Power User.
  • 5+ years of relevant experience.
Duties:
  • Identifies, deters, monitors, and investigates computer and network intrusions.
  • Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery.
  • Monitor and assess complex security devices for patterns and anomalies from raw events (DNS, DHCP, AD, SE logs), tag events for Tier 1 & 2 monitoring.
  • Conduct malware analysis in out-of-band environment (static and dynamic), including complex malware.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support.
  • Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
  • Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
  • Review open-source intelligence about threat actors when developing hunt hypotheses.
  • Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
  • At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
  • Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., Crowdstrike and Sysmon).
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
  • Participate in government led after action reviews of incidents.
Apply Now!

Similar Jobs (0)