Apply on Employer Site

Leidos · 18 hours ago

Cyber Threat Hunt Analyst

Ashburn, VA

Full-time

Onsite

Mid, Senior Level

$108K/yr - $195K/yr

5+ years exp

Leidos is seeking an experienced Cyber Threat Hunt Analyst to join their team supporting the U.S. Customs and Border Protection. The role involves conducting in-depth technical analysis of network and endpoint logs, executing cyber threat hunts, and preparing technical reports to enhance the security of the customers' systems and networks.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Will conduct cyber threat analysis, identifying mitigation and/or remediation courses of action; developing actionable intelligence used to protect organizational IT assets; and trending cyber threat metrics for leadership situational awareness

Utilize Threat Intelligence and Threat Models to create threat hypotheses for threat hunts

Identify, track, and investigate high priority threat campaigns, malicious actors with the interest, capability and Tactics, Techniques, and Procedures (TTPs)

Utilize Cyber Threat Intelligence to execute ad hoc threat hunts on agency assets, networks, and systems to identify threat activity that may evade endpoint detection tools

Utilize the MITRE ATT&CK framework to understand TTPs of adversaries, threat actors, APTs, and threats targeting the customer agency and organize threat hunts around ATT&CK techniques and sub-techniques

Responsible for maintaining a comprehensive understanding of the cyber threat landscape, including identifying and analyzing cyber threats actors and/or activities to enhance cybersecurity posture of the organization’s IT operating environment

Prepare and report risk analysis and threat findings to appropriate stakeholders

Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation

Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise

Plan, scope, and execute Threat Hunt Missions to verify threat hypotheses, deconflict findings, and escalate as necessary

Proactively and iteratively search through systems and networks to detect advanced threats

Analyze host, network, and application logs in addition to malware and code

Will be responsible for developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other type most appropriate for the task

Produce high quality technical and non-technical products, briefings, whitepapers, etc., with minimal supervision and emphasis on effective/accurate reporting on product topics

Maintain the daily battle rhythm for the Cyber Threat Hunt team with an emphasis on adherence to deadlines, attention to detail, and clear/concise communication with the customer and stakeholders

Will be responsible for implementing defined procedures for remediation or make an informed decision to escalate

Maintain the daily battle rhythm of threat hunts and Cyber Threat Hunt reporting

Author technical and non-technical reports and briefings to ensure leadership awareness of findings and observations

Create daily, weekly, and monthly reports and metrics for products and briefings

Process technical data from various sources and fuse the data with intelligence reporting to improve the security posture of the customer, as well as manage Threat Hunt tools

Qualification

Cyber Threat AnalysisIncident DetectionResponseScripting PythonScripting VBScripting etc.Threat IntelligenceMITRE ATT&CK FrameworkSIEM ToolsNetwork Security MonitoringMalware AnalysisTechnical ReportingAttention to DetailClear CommunicationSelf-Motivated

Required

Have a bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field with 8 years of work experience. Additional years of experience are accepted in lieu of degree

Possess a minimum of 5 years of professional experience in incident detection and response, malware analysis, or cyber forensics

Have 2+ years recent experience with host-based and network-based security monitoring using cybersecurity capabilities

Must be experienced developing scripts to support cyber threat detection that outputs results in a variety of formats, such as VB scripts, Python, C++, HTML, XML or other

Established experience with incident response and SIEM tools, host-based logs, network-based logs, and regex

Ability to work independently with minimal direction; self-starter/self-motivated

The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+), CompTIA Linux Network Professional (CLNP), CompTIA Pentest+, CompTIA Cybersecurity Analyst (CySA+), GPEN – Penetration Tester, GWAPT – Web Application Penetration Tester, GSNA – System and Network Auditor, GISF – Security Fundamentals, GXPN – Exploit Researcher and Advanced Penetration Tester, GWEB – Web Application Defender, GNFA – Network Forensic Analyst, GMON – Continuous Monitoring Certification, GCTI – Cyber Threat Intelligence, GOSI – Open Source Intelligence, OSCP (Certified Professional), OSCE (Certified Expert), OSWP (Wireless Professional), OSEE (Exploitation Expert), CCFP – Certified Cyber Forensics Professional, CISSP – Certified Information Systems Security, CEH – Certified Ethical Hacker, CHFI – Computer Hacking Forensic Investigator, LPT – Licensed Penetration Tester, CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst), ENSA – EC-Council Network Security Administrator, ECIH – EC-Council Certified Incident Handler, ECSS – EC-Council Certified Security Specialist, ECES – EC-Council Certified Encryption Specialist

Preferred

A minimum of 7 years of hands-on experience with experience in the last 2 years that includes host-based and network-based security monitoring using cybersecurity capabilities

Previous DOD, IC or Law Enforcement Intelligence or Counterintelligence Training/Experience

Demonstrated experience planning and executing threat hunt missions

Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers

Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols

Familiarity with operation of both Windows and Linux based systems

Proficient with scripting languages such as Python or PowerShell

Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)