Cyber Threat Hunt and Red Team SME

The Challenge:

Work in a fast-paced environment that combines technical security operations talent with consulting expertise to deliver industry-leading IT security testing services. Join a team of security enthusiasts, perform cutting-edge research, and promote an environment of innovation and knowledge-sharing. Oversee enterprise threat hunt and red team engagements for a wide variety of clients, including Fortune 100 commercial clients across multiple market sectors.

Analyze the current state capabilities of the client's counter-threat process and technology, focusing on instrumentation, telemetry, and fidelity surrounding early attack sensing and warning (ASW). Map tactics, techniques, and procedures (TTPs) to specific actor sets and enumerate specific priority intelligence requirements (PIRs) the threat actors are pursuing against the client. Gather and review all pertinent client threat- and intelligence-related processes, procedures, and capabilities. Conduct process observations of resources and the use of existing capabilities, as required. Evaluate the client's high value target (HVT) and high value program (HVP) in relation to ASW and threat doctrine and map, visualize, and prioritize threat actor courses of action (COA). Conduct hands-on technical incident response assessment beyond automated tool validation, including full leveraging of access within multiple environments, such as Windows or *nix, conduct scenario-based security testing or red teaming to identify gaps in detection and response capabilities of client networks, and develop comprehensive and accurate reports and presentations for both technical and executive audiences. Develop team testing capabilities to keep up with ever changing red team tools and tactics. Communicate findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel.

You Have:

-2+ years of experience with two or more of the following: network vulnerability assessments, Web application security testing, network penetration testing, red teaming, or security operations or hunt

-4+ years of experience with IT infrastructure or systems administration

-2+ years of experience with operational security, including SOC, incident response, malware analysis, and IDS or IPS analysis

-Experience with network hunting, including Bro Logs, Netflow, PCAP, and the PaloAlto firewall or proxies

-Experience with using multiple command and control channels, including DNS and HTTPS

-Experience with customizing Cobalt Strike 

-Experience with obfuscation and multiple methods of payload delivery, including executable and scripting files and customizing payloads and deployment techniques to avoid detection by anti-virus (AV) and Endpoint Detection and Response (EDR) solutions

-Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting and editing existing code

-Knowledge of open security testing standards and projects, including OWASP and ATT&CK

-HS diploma or GED

Nice If You Have:

-Experience with assembly languages, including x86 or reverse engineering

-Experience with physical security assessments, including the use of proxmark3 or similar proximity card spoofing or copying device

-Knowledge of offensive tools, including Mimikatz, Metasploit, or Empire

-Knowledge of security and technology

-Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff

-BS degree in Computer Engineering, CS, or a technical field preferred

-OSCP, OSCE, or OSWE or SANS Certification

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.