Cyber Threat Hunter Lead

28 Nov 2024

Vacancy expired!

Our Stennis, MS, DC metro and Ashburn VA based client is looking for a Cyber Threat Hunter Lead. If you are qualified for this position, please email your updated resume in Word format to lli@base-one.com

Cyber Threat Hunter Lead

Primary Responsibilities
  • Create Threat Models to better understand the DHS IT Enterprise, identify defensive gaps, and prioritize mitigations
  • Author, update, and maintain SOPs, playbooks, work instructions
  • Utilize Threat Intelligence and Threat Models to create threat hypotheses
  • Plan and scope Threat Hunt Missions to verify threat hypotheses
  • Proactively and iteratively search through systems and networks to detect advanced threats
  • Analyze host, network, and application logs in addition to malware and code
  • Prepare and report risk analysis and threat findings to appropriate stakeholders
  • Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
  • Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise
  • Work with the customer to understand and obtain the scope and requirements of the requests
  • Provide guidance and direction to team members

Required Qualifications
  • The candidate must possess an active TS/SCI Clearance. In addition to clearance requirement, all DHS personnel must obtain an EOD.
  • BS degree in Science, Technology, Engineering, Math or related field and 12+ years of prior relevant experience with a focus on Cyber Security or Masters with 8 years of prior relevant experience.
  • Should have at least 4 years of experience serving as a SOC Analyst or Incident Responder
  • Ability to work independently with minimal direction; self-starter/self-motivated

Must Have One of the Following J3 Certifications
  • SANS GCIH (GIAC Certified Incident Handler)
  • SANS GCFA (GIAC Certified Forensic Analyst)
  • SANS GCIA (GIAC Certified Intrusion Analyst)
  • SANS GNFA (GIAC Network Forensic Analyst)
  • SANS GWAPT (GIAC Web Application Pentester)
  • SANS GPEN (GIAC Penetration Tester)
  • Offensive Security Certified Professional (OSCP)

Preferred Qualifications
  • Expertise in network- and host-based analysis and investigation
  • Demonstrated experience planning and executing threat hunt missions
  • Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
  • Working knowledge of common networking protocols (HTTP, DNS, SMB, etc.)
  • Familiar with operation of both Windows and Linux based systems
  • Proficient with scripting languages such as Python or PowerShell
  • Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
  • Demonstrated experience triaging and responding to APT activities.
  • Experience working with various technologies and platforms such as AWS, Azure, O365, containers, etc.
  • Understanding of current cyber threat landscape, the different tactics commonly used by adversaries and how you would investigate, contain and recover against their attacks.