Address
Form of work
SalaryJob Description
The Threat Hunt (TH) Lead oversees a team responsible for proactively assessing data collected from various cyber defense tools to analyze events within organizational environments for identifying and mitigating threats. This role requires a deep understanding of cyber threats, advanced persistent threats (APTs), and the ability to leverage a variety of tools and techniques to hunt for indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs).
Key Tasks and Responsibilities
- Actively hunt for indicators of compromise (IOCs) and advanced persistent threats (APT) Tactics, Techniques, and Procedures (TTPs) in the network and on hosts using tools such as Azure Sentinel, PowerBI, Tenable, and M365 Defender.
- Analyze threat actor activity, identify intrusions, create detections, and track campaigns.
- Analyze collected data to identify trends in the security environment.
- Escalate threat and IOC details to the Cybersecurity team for implementing additional security controls.
- Leverage Microsoft Sentinel security information and event (SIEM) tool and other monitoring tools for security monitoring and proactive Threat Hunting.
- Utilize threat intelligence and open-source cybersecurity outlets to enhance TH operations.
- Develop and implement playbooks and automation objects for Threat Hunting capabilities.
- Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.
- Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for automating Threat Hunting and incident handling.
- Research emerging threats and publish internal Threat Briefs.
- Create reports and presentations on research and findings.
- Recommend mitigation strategies based on IOCs and adversarial TTPs.
- Collaborate with SOC and Cyber Security teams on research results.
- Participate in DHS SOC status calls and working group meetings.
- Support ad hoc meetings requiring TH expertise.
- Update Threat Hunting status reports and act as backup briefer to Government at ITCSP weekly staff meetings.
- Develop and maintain TH repository of findings and SOPs.
- Support incident response efforts in collaboration with Cybersecurity and IT support teams.
- Interface with DHS SOC and other agencies or companies as needed.
- Provide Threat Hunting status reports to stakeholders.
- Support efforts to advance the maturity level of Threat Hunting capabilities of the CUSTOMER SOC based on the DHS defined Maturity Model.
- Support annual self-assessment of Threat Hunting capabilities against the DHS CSP maturity model.
- Support Threat Hunting aspects of formal DHS CSP assessments and cybersecurity tabletop exercises.
Job Requirements:
Education & Experience
- Bachelor’s degree (preferred).
- Minimum 10 years of overall IT experience.
- 5 years of experience in a lead role managing a Security Operations Center or Threat Hunting team.
- 3 years of experience performing proactive Threat Hunting duties.
- 3 years of experience leveraging SIEM and SOAR products (Microsoft Sentinel preferred) for Threat Hunting duties.
- Knowledge of intelligence frameworks, processes, and cyber intelligence/information repositories.
- Understanding of cyber operations concepts, terminology, principles, capabilities, and limitations.
- Ability to synthesize complex information and communicate analysis effectively.
- Independent work capability and creative problem-solving skills.
- Strong representation skills in intra- and inter-agency meetings and with external partners.
Certifications
- At least one of relevant industry certifications such as GCTI (Global Information Assurance Certification [GIAC] Cyber Threat Intelligence), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GIAC Security Expert (GSE), or equivalent.
Security Clearance
- Candidate must be a US Citizen.
- DHS Customer will perform and adjudicate customer background investigation prior to work start.
- Candidate must be eligibility for potential Top Secret or Top Secret with SCI.
- Active Top Secret Clearance (Preferred).
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
- Local travel within 50-mile radius of Washington, DC may be required.
- Work location in Washington DC with Telework/Remote work authorized at Customer discretion.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138 or [email protected].
