Information Security Analyst (Threat Hunt Lead)
Washington, District of Columbia
Employer: Computer World Services Corp. (CWS)
Industry: Government
Salary: Competitive
Job type: Full-Time
Job Description
The Threat Hunt (TH) Lead oversees a team responsible for proactively assessing data collected from various cyber defense tools to analyze events within organizational environments for identifying and mitigating threats. This role requires a deep understanding of cyber threats, advanced persistent threats (APTs), and the ability to leverage a variety of tools and techniques to hunt for indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs).
Key Tasks and Responsibilities
• Actively hunt for indicators of compromise (IOCs) and advanced persistent threats (APT) Tactics, Techniques, and Procedures (TTPs) in the network and on hosts using tools such as Azure Sentinel, PowerBI, Tenable, and M365 Defender.
• Analyze threat actor activity, identify intrusions, create detections, and track campaigns.
• Analyze collected data to identify trends in the security environment.
• Escalate threat and IOC details to the Cybersecurity team for implementing additional security controls.
• Leverage the Microsoft Sentinel security information and event management (SIEM) tool and other monitoring tools for security monitoring and proactive threat hunting.
• Utilize threat intelligence and open-source cybersecurity outlets to enhance TH operations.
• Develop and implement playbooks and automation objects for threat hunting capabilities.
• Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.
• Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for automating threat hunting and incident handling.
• Research emerging threats and publish internal Threat Briefs.
• Create reports and presentations on research and findings.
• Recommend mitigation strategies based on IOCs and adversarial TTPs.
• Collaborate with SOC and Cyber Security teams on research results.
• Participate in DHS SOC status calls and working group meetings.
• Support ad hoc meetings requiring TH expertise.
• Update threat hunting status reports and act as backup briefer to Government at ITCSP weekly staff meetings.
• Develop and maintain TH repository of findings and SOPs.
• Support incident response efforts in collaboration with Cybersecurity and IT support teams.
• Interface with DHS SOC and other agencies or companies as needed.
• Provide threat hunting status reports to stakeholders.
• Support efforts to advance the maturity level of threat hunting capabilities of the CUSTOMER SOC based on the DHS defined Maturity Model.
• Support annual self-assessment of threat hunting capabilities against the DHS CSP maturity model.
• Support threat hunting aspects of formal DHS CSP assessments and cybersecurity tabletop exercises.
Job Requirements:
Education & Experience
• Bachelor's degree (preferred).
• Minimum 10 years of overall IT experience.
• 5 years of experience in a lead role managing a Security Operations Center or Threat Hunting team.
• 3 years of experience performing proactive threat hunting duties.
• 3 years of experience leveraging SIEM and SOAR products (Microsoft Sentinel preferred) for threat hunting duties.
• Knowledge of intelligence frameworks, processes, and cyber intelligence/information repositories.
• Understanding of cyber operations concepts, terminology, principles, capabilities, and limitations.
• Ability to synthesize complex information and communicate analysis effectively.
• Independent work capability and creative problem-solving skills.
• Strong representation skills in intra- and inter-agency meetings and with external partners.
Certifications
• At least one relevant industry certification such as GCTI (Global Information Assurance Certification [GIAC] Cyber Threat Intelligence), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GIAC Security Expert (GSE), or equivalent.
Security Clearance
• Candidate must be a US Citizen.
• DHS Customer will perform and adjudicate customer background investigation prior to work start.
• Candidate must be eligible for a potential Top Secret or Top Secret with SCI clearance.
• Active Top Secret Clearance (Preferred).
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
• Local travel within a 50-mile radius of Washington, DC may be required.
• Work location in Washington DC with Telework/Remote work authorized at Customer discretion.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.952.5138 or [email protected].
Job Snapshot
Employee Type Full-Time
Location Washington, DC Metro Area (Hybrid)
Job Type Government, Information Technology, Other
Experience Not Specified
Date Posted 06/07/2024
Job ID 4201/3180/21093
Created: 2024-06-09
Reference: 5Szgb3glfnh1
Country: United States
State: District of Columbia
City: Washington
ZIP: 20010