Information Security Analyst (Threat Hunt Lead)
Washington, District of Columbia
Employer: Computer World Services Corp. (CWS)
Industry: Government
Salary: Competitive
Job type: Full-Time
Job Description
The Threat Hunt (TH) Lead oversees a team responsible for proactively assessing data collected from various cyber defense tools to analyze events within organizational environments for identifying and mitigating threats. This role requires a deep understanding of cyber threats, advanced persistent threats (APTs), and the ability to leverage a variety of tools and techniques to hunt for indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs).
Key Tasks and Responsibilities
• Actively hunt for indicators of compromise (IOCs) and advanced persistent threats (APT) Tactics, Techniques, and Procedures (TTPs) in the network and on hosts using tools such as Azure Sentinel, PowerBI, Tenable, and M365 Defender.
• Analyze threat actor activity, identify intrusions, create detections, and track campaigns.
• Analyze collected data to identify trends in the security environment.
• Escalate threat and IOC details to the Cybersecurity team for implementing additional security controls.
• Leverage Microsoft Sentinel security information and event (SIEM) tool and other monitoring tools for security monitoring and proactive threat hunting.
• Utilize threat intelligence and open-source cybersecurity outlets to enhance TH operations.
• Develop and implement playbooks and automation objects for threat hunting capabilities.
• Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.
• Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for automating threat hunting and incident handling.
• Research emerging threats and publish internal Threat Briefs.
• Create reports and presentations on research and findings.
• Recommend mitigation strategies based on IOCs and adversarial TTPs.
• Collaborate with SOC and Cyber Security teams on research results.
• Participate in DHS SOC status calls and working group meetings.
• Support ad hoc meetings requiring TH expertise.
• Update threat hunting status reports and act as backup briefer to Government at ITCSP weekly staff meetings.
• Develop and maintain TH repository of findings and SOPs.
• Support incident response efforts in collaboration with Cybersecurity and IT support teams.
• Interface with DHS SOC and other agencies or companies as needed.
• Provide threat hunting status reports to stakeholders.
• Support efforts to advance the maturity level of threat hunting capabilities of the CUSTOMER SOC based on the DHS defined Maturity Model.
• Support annual self-assessment of threat hunting capabilities against the DHS CSP maturity model.
• Support threat hunting aspects of formal DHS CSP assessments and cybersecurity tabletop exercises.
Job Requirements:
Education & Experience
• Bachelor's degree (preferred).
• Minimum 10 years of overall IT experience.
• 5 years of experience in a lead role managing a Security Operations Center or Threat Hunting team.
• 3 years of experience performing proactive threat hunting duties.
• 3 years of experience leveraging SIEM and SOAR products (Microsoft Sentinel preferred) for threat hunting duties.
• Knowledge of intelligence frameworks, processes, and cyber intelligence/information repositories.
• Understanding of cyber operations concepts, terminology, principles, capabilities, and limitations.
• Ability to synthesize complex information and communicate analysis effectively.
• Independent work capability and creative problem-solving skills.
• Strong representation skills in intra- and inter-agency meetings and with external partners.
Certifications
• At least one of relevant industry certifications such as GCTI (Global Information Assurance Certification [GIAC] Cyber Threat Intelligence), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GIAC Security Expert (GSE), or equivalent.
Security Clearance
• Candidate must be a US Citizen.
• DHS Customer will perform and adjudicate customer background investigation prior to work start.
• Candidate must be eligibility for potential Top Secret or Top Secret with SCI.
• Active Top Secret Clearance (Preferred).
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
• Local travel within 50-mile radius of Washington, DC may be required.
• Work location in Washington DC with Telework/Remote work authorized at Customer discretion.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138
or
[email protected]
.
Get job alerts by email. Sign up now! Join Our Talent Network!
Job Snapshot
Employee Type Full-Time
Location Washington, DC Metro Area (Hybrid)
Job Type Government, Information Technology, Other
Experience Not Specified
Date Posted 09/07/2024
Job ID 4201/3180/21093
Apply to this job.
Think you're the perfect candidate?
The Threat Hunt (TH) Lead oversees a team responsible for proactively assessing data collected from various cyber defense tools to analyze events within organizational environments for identifying and mitigating threats. This role requires a deep understanding of cyber threats, advanced persistent threats (APTs), and the ability to leverage a variety of tools and techniques to hunt for indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs).
Key Tasks and Responsibilities
• Actively hunt for indicators of compromise (IOCs) and advanced persistent threats (APT) Tactics, Techniques, and Procedures (TTPs) in the network and on hosts using tools such as Azure Sentinel, PowerBI, Tenable, and M365 Defender.
• Analyze threat actor activity, identify intrusions, create detections, and track campaigns.
• Analyze collected data to identify trends in the security environment.
• Escalate threat and IOC details to the Cybersecurity team for implementing additional security controls.
• Leverage Microsoft Sentinel security information and event (SIEM) tool and other monitoring tools for security monitoring and proactive threat hunting.
• Utilize threat intelligence and open-source cybersecurity outlets to enhance TH operations.
• Develop and implement playbooks and automation objects for threat hunting capabilities.
• Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.
• Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for automating threat hunting and incident handling.
• Research emerging threats and publish internal Threat Briefs.
• Create reports and presentations on research and findings.
• Recommend mitigation strategies based on IOCs and adversarial TTPs.
• Collaborate with SOC and Cyber Security teams on research results.
• Participate in DHS SOC status calls and working group meetings.
• Support ad hoc meetings requiring TH expertise.
• Update threat hunting status reports and act as backup briefer to Government at ITCSP weekly staff meetings.
• Develop and maintain TH repository of findings and SOPs.
• Support incident response efforts in collaboration with Cybersecurity and IT support teams.
• Interface with DHS SOC and other agencies or companies as needed.
• Provide threat hunting status reports to stakeholders.
• Support efforts to advance the maturity level of threat hunting capabilities of the CUSTOMER SOC based on the DHS defined Maturity Model.
• Support annual self-assessment of threat hunting capabilities against the DHS CSP maturity model.
• Support threat hunting aspects of formal DHS CSP assessments and cybersecurity tabletop exercises.
Job Requirements:
Education & Experience
• Bachelor's degree (preferred).
• Minimum 10 years of overall IT experience.
• 5 years of experience in a lead role managing a Security Operations Center or Threat Hunting team.
• 3 years of experience performing proactive threat hunting duties.
• 3 years of experience leveraging SIEM and SOAR products (Microsoft Sentinel preferred) for threat hunting duties.
• Knowledge of intelligence frameworks, processes, and cyber intelligence/information repositories.
• Understanding of cyber operations concepts, terminology, principles, capabilities, and limitations.
• Ability to synthesize complex information and communicate analysis effectively.
• Independent work capability and creative problem-solving skills.
• Strong representation skills in intra- and inter-agency meetings and with external partners.
Certifications
• At least one of relevant industry certifications such as GCTI (Global Information Assurance Certification [GIAC] Cyber Threat Intelligence), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GIAC Security Expert (GSE), or equivalent.
Security Clearance
• Candidate must be a US Citizen.
• DHS Customer will perform and adjudicate customer background investigation prior to work start.
• Candidate must be eligibility for potential Top Secret or Top Secret with SCI.
• Active Top Secret Clearance (Preferred).
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
• Local travel within 50-mile radius of Washington, DC may be required.
• Work location in Washington DC with Telework/Remote work authorized at Customer discretion.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138
or
[email protected]
.
Get job alerts by email. Sign up now! Join Our Talent Network!
Job Snapshot
Employee Type Full-Time
Location Washington, DC Metro Area (Hybrid)
Job Type Government, Information Technology, Other
Experience Not Specified
Date Posted 09/07/2024
Job ID 4201/3180/21093
Apply to this job.
Think you're the perfect candidate?
Created: 2024-09-13
Reference: MZF1KuKVMPhc
Country: United States
State: District of Columbia
City: Washington
ZIP: 20010
Similar jobs:
-
MANAGEMENT AND PROGRAM ANALYST, GS-13, FBI ONLY, OFFICE OF SECURITY OPERATIONS, SECURITY DIVISION, WASHINGTON, DC
FBI in Washington, District of Columbia💸 $117962.00 per year -
MANAGEMENT AND PROGRAM ANALYST, GS-13, FBI Only, Office of Security Operations, Security Division, Washington, DC
FBI in Washington, District of Columbia💸 $117962.00 per year -
Governance, Risk, & Compliance (GRC) Security Risk Senior Analyst
TikTok in Washington, District of Columbia -
Cyber Security Analyst-Level 4 104-008
IC-CAP LLC in Washington, District of Columbia -
FIRST Nuclear Security, Scientist Engagement, and Science Centers Program Analyst
General Dynamics Corporation in Washington, District of Columbia💸 $76500 - $103500. per year -
Third Party Security Management Analyst Intern (Global Security) - 2025 Summer (BS/MS)
TikTok in Washington, District of Columbia -
Cyber Security Analyst-Level 6 104-010
IC-CAP LLC in Washington, District of Columbia -
Lead Infrastructure Resilience Analyst - Active Security Clearance Required
LLNL in Washington, District of Columbia💸 $265188 per year -
Senior Incident Response Analyst - Cyber Security Operations Center
Leidos Holding in Washington, District of Columbia💸 $101400.00 per year -
Senior Cyber Security Operations Center (CSOC) Analyst - USDS
TikTok in Washington, District of Columbia -
Security Analyst - TEMPEST
Apex Systems in Washington, District of Columbia -
Lead Cyber Security Analyst (Hybrid)
CareFirst in Washington, District of Columbia -
Senior Information Security Analyst - Level 1 RPO
Insight Global in Washington, District of Columbia -
Cyber Security Analyst Level 5 104-009
IC-CAP LLC in Washington, District of Columbia -
Cyber Security Analyst-Level 3 104-007
IC-CAP LLC in Washington, District of Columbia -
Information Security Analyst - Level 1 RPO
Insight Global in Washington, District of Columbia -
Reporting and Documentation Analyst Intern (TikTok Global Security) - 2025 Summer (BS/MS)
TikTok in Washington, District of Columbia