Threat Defense Operations Lead in El Segundo, CA at Booz Allen Hamilton Inc.

Date Posted: 5/28/2018

Job Description

Job Number: R0011687

Threat Defense Operations Lead

Key Role:

Serve as a subject matter expert and manager for client-facing tasks, including the assessment, design, and implementation of a variety of enterprise security prevention, detection, and response capabilities. Build, manage, and implement security analytic use cases for analytic tools, including Splunk, to detect and respond to threats. Develop and enhance security device rules, queries, filters, dashboards, reports, channels, and custom active lists. Assess, recommend, enhance, implement, and monitor a variety of security tools spanning multiple capabilities, including intrusion detection and prevention and security analytics. Perform retrospective anomaly and malware detection, leveraging client-facing tools and adapting to new toolsets. Integrate multiple sources of threat intelligence, including YARA rules, OpenIOC, and general reports, into various security tools, and work closely with additional client security teams to develop, tune, automate, and enhance network- and host-based security devices. Manage a team in the event of a cyber intrusion or incident, perform extensive network and host triage, maintain strict chain of custody, develop documentation and reports, and perform remediation. This position requires extensive travel to high-profile commercial client sites throughout the US, up to 75% of the time, and is located in the Washington, DC metro area.


Basic Qualifications:

- 7+ years of experience with incident response, security operations, or cybersecurity

- Experience with managing a security operations center or a team of analysts performing assessment, design, and implementation of enterprise security prevention, detection, and response capabilities

- Experience with SIEMs, including dashboard and report generation and analysis

- Experience with analyzing network and host logs to identify outliers and anomalies, and with creating, leveraging, and implementing IOC datasets, including YARA or OpenIOC

- Experience with implementing and maintaining network security devices

- Knowledge of offensive and defensive host and network security techniques

- Knowledge of common network and host security technologies and cyber threat intelligence processes

- Ability to obtain a security clearance


Additional Qualifications:

- 2+ years of experience with leading staff in project or task delivery

- Experience with scripting languages

- Experience with performing anomaly or malware hunts

- Experience with malware analysis, including static and dynamic analyses

- Experience with data loss prevention techniques and tools

- Knowledge of the Windows file system and areas of persistence

- BA or BS degree in CS, IT, Cybersecurity, or a related field

- Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other relevant GIAC certification


Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
