Blue Team Lead/Threat Hunting SME, Senior in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 5/13/2019

Job Description

Job Number: R0050186

Blue Team Lead/Threat Hunting SME, Senior

Key Role:
Apply experience as a Blue Team lead and threat hunting SME to analyze the development and maturation of an operational Blue Team and threat hunting program for a DoD enterprise service provider. Be a self-starter and leader capable of managing and executing development activities with minimal oversight. Present ongoing activities and findings to senior technical leadership and realign expectations or objectives, as needed. Interact with customers to schedule Blue Team missions and propose the tool sets required to carry out Blue Team missions.

Basic Qualifications:
- Experience with 5 or more of the following: incident response processes, automated intrusion detection capabilities and analysis techniques, malware analysis and classification, Cyber attack types and exploitation techniques, Cyber attack modeling, threat intelligence reporting and analysis, or incident reporting and sharing requirements
- Experience with Cyber threat methodologies, including the Cyber Kill Chain, Pyramid of Pain, MITRE ATT&CK Matrix, and Diamond Model, and applying them to enterprise Cyber operations
- Knowledge of commercial EDR tools, including Falcon, Carbon Black, or Tanium
- TS/SCI clearance
- BA or BS degree in Digital Forensics or CS and 5 years of experience with Blue Teams or Red Teams, or MA or MS degree in Digital Forensics or CS and 2 years of experience with Blue Teams or Red Teams
- Computing Environment Certification, including CEH or Security+ CE

Additional Qualifications:

- Experience with Windows Management Instrumentation (WMI)
- Experience with Python and C#
- Experience with threat hunting tools, including Timeline Explorer, DensityScout, CyberChef, Windows Sysinternals tools such as sigcheck and autorunsc, Kansa or PowerForensics, and PyWMIPersistenceFinder.py
- Experience with Service Oriented Architecture (SOA) and Web services, including REST and SOAP, preferred
- Experience with PowerShell
- Experience with Microsoft Project preferred
- Experience with FS-ISAC, US-CERT, STIX, or TAXII preferred
- Experience with Mission Essential Tasks (METs) and Mission Essential Task Lists (METLs) preferred
- Knowledge of DoD HBSS and ACAS, including Nessus
- Knowledge of Splunk, Tanium, Anomali, CrowdStrike, and other tools highly desired
- Possession of excellent oral and written communication skills, including making clear and concise presentations to various audiences

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
