Cybersecurity Threat Analyst, Mid in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 6/20/2018

Job Snapshot

Job Description

Job Number: R0025518

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Cybersecurity Threat Analyst, Mid

Key Role:

Analyze and develop hunt hypotheses around the most current attacker techniques, tools, and procedures as they emerge. Improve the team’s hunt capabilities, processes, and playbooks. Participate in client hunt engagements, leveraging the latest threat intelligence and hunt analytic library to detect, confirm, and eradicate threat actors for clients. Provide expert analytic investigative support of large-scale and complex security incidents. Provide forensic analysis of full network packet captures, Bro, DNS, Web Proxy, and Net flow logs from various security sensors. Analyze endpoint telemetry for anomalous and malicious behavior. Develop scripts to automate advanced and complex searches.

Basic Qualifications:

-4+ years of experience with IT infrastructure

-4+ years of experience with operational security, including Security Operations Center (SOC), incident response, malware analysis, or IDS and IPS analyses

-Knowledge of the TCP/IP networking stack and network IDS technologies

-TS/SCI clearance

-BA or BS degree

-GCFA, GCFE, GREM, GNFA, or OSCP Certification

Additional Qualifications:

-Experience with regular expression and at least one common scripting language, including Python or PowerShell

-Experience with Windows Enterprise Security or Systems Administration

-Experience with SIEM/SOC, including Qradar, Splunk ES, or ArcSight

-Experience with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack

-Experience with scripting, including PowerShell, Python, or REST APIs

-Experience with forensic tools, including FTK and Encase

-Experience with endpoint telemetry, including Carbon Black, HX, Falcon, or Endgame

-Experience with network hunting, including Bro Logs, Netflow, PCAP, or PaloAlto firewall and proxies

-Experience with offensive tools, including Mimikatz, Metasploit, and Empire

-Knowledge of Windows operating system and PowerShell or command line

-Knowledge of Endpoint Incident Response and Forensics

-Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building

-Ability to provide onsite client support

-Ability to travel

-Ability to analyze malware, extract indicators, and create signatures, including Yara, Snort, and IOCs

-Possession of excellent collaborative skills

-BA or BS degree in CS or a related field


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions.  Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.

JHT, SIG2017

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.