Cybersecurity Threat Analyst, Mid in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 10/9/2018

Job Snapshot

Job Description

Job Number: R0025518

Cybersecurity Threat Analyst, Mid

Key Role:

Analyze and develop hunt hypotheses around the most current attacker techniques, tools, and procedures as they emerge. Improve the team’s hunt capabilities, processes, and playbooks. Participate in client hunt engagements, leveraging the latest threat intelligence and hunt analytic library to detect, confirm, and eradicate threat actors for clients. Provide expert analytic investigative support of large-scale and complex security incidents. Provide forensic analysis of full network packet captures, Bro, DNS, Web Proxy, and Net flow logs from various security sensors. Analyze endpoint telemetry for anomalous and malicious behavior. Develop scripts to automate advanced and complex searches.

Basic Qualifications:

-4+ years of experience with IT infrastructure

-4+ years of experience with operational security, including Security Operations Center (SOC), incident response, malware analysis, or IDS and IPS analyses

-Knowledge of the TCP/IP networking stack and network IDS technologies

-TS/SCI clearance

-BA or BS degree

-GCFA, GCFE, GREM, GNFA, or OSCP Certification

Additional Qualifications:

-Experience with regular expression and at least one common scripting language, including Python or PowerShell

-Experience with Windows Enterprise Security or Systems Administration

-Experience with SIEM/SOC, including Qradar, Splunk ES, or ArcSight

-Experience with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack

-Experience with scripting, including PowerShell, Python, or REST APIs

-Experience with forensic tools, including FTK and Encase

-Experience with endpoint telemetry, including Carbon Black, HX, Falcon, or Endgame

-Experience with network hunting, including Bro Logs, Netflow, PCAP, or PaloAlto firewall and proxies

-Experience with offensive tools, including Mimikatz, Metasploit, and Empire

-Knowledge of Windows operating system and PowerShell or command line

-Knowledge of Endpoint Incident Response and Forensics

-Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building

-Ability to provide onsite client support

-Ability to travel

-Ability to analyze malware, extract indicators, and create signatures, including Yara, Snort, and IOCs

-Possession of excellent collaborative skills

-BA or BS degree in CS or a related field


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.

JHT, SIG2017

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.