Cyber Threat Hunter

The Challenge:

Are you looking for an active role in detecting advanced Cyber threats to our national security and government clients? Instead of letting the attackers come to us, let’s go find them. Cyber threats are evolving, and perimeter security and automated protection aren’t enough—it’s time to go threat hunting. We’re looking for computer network defense (CND) and computer network operations (CNO) specialists who can think like a Cyber attacker to figure out how to circumvent security measures. This is an opportunity to use your analytical skills and gain network defense experience. You’ll learn to rapidly prototype and build scripts to create haystacks where you’ll sift through the false positives to find patterns and indicators. Learn from our team of Cybersecurity experts as you find the adversary in the Security Event Information Management (SEIM)'s blind spot to help the government close the gaps and harden their network. This is a chance to think differently about Cyber defense, use completely new tools and approaches, and develop the next generation of security analytics. Let’s outsmart the adversary and protect our national security for our government clients.

You Have:

-Experience with IT infrastructure

-Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses

-Knowledge of the TCP/IP networking stack and network IDS technologies

-Ability to work with client deliverables and requirements

-Ability to obtain a security clearance

-BA or BS degree

-GCFA, GCFE, GREM, GNFA, or OSCP Certification

Nice If You Have:

-Experience with regular expression and scripting languages, including Python or PowerShell

-Experience with Windows Enterprise security or systems administration

-Experience with SIEM and SOC, including Qradar, Splunk ES, or ArcSight

-Experience with data hunting, including ELK, Splunk, Apache Spark, or Amazon Web Services (AWS) Stack

-Experience with scripting, including PowerShell, Python, or REST APIs

-Experience with forensic tools, including FTK and Encase

-Experience with endpoint telemetry, including Carbon Black, HX, Falcon, or Endgame

-Experience with network hunting, including Bro Logs, Netflow, PCAP, or PaloAlto firewalls and proxies

-Experience with offensive tools, including Mimikatz, Metasploit, and Empire

-Knowledge of Windows OS and PowerShell or command line

-Knowledge of endpoint incident response and forensics

-Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building

-Ability to provide onsite client support and travel, as needed

-Ability to analyze malware, extract indicators, and create signatures in Yara, Snort, and IOCs

-Possession of excellent collaborative skills

-BA or BS degree in CS or a related field

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

CMCL, CMD

Not ready to apply? Join our talent community and sign up for job alerts.