The position is onsite in St Louis, MO and requires an active TS/SCI for consideration. A CI polygraph is also required within 12 months.
A Cyber Threat Hunter is part of a team of skilled Cybersecurity professionals that support the design, build, and sustainment of the Cyber-Security Operation Center (CSOC) within the organization. Hunt Team Members interact daily and provide support to the overall CSOC through a wide variety of industry leading capabilities and data sets to include Endpoint Telemetry data, Live Network Packet Capture, IDS/IPS, Security Orchestration, Automation, and Response (SOAR), Cyber Threat Emulation (CTE), and Data Analytics Platforms.
What You'll Get to Do:
- Perform proactive detection of advanced threat actors within the network
- Uncover visibility gaps, while working with the network monitoring and advanced analytics teams to improve detection capabilities and security controls
- Research new security topics (mostly based on MITRE ATT&CK Framework), develop and test your hypotheses, and share your knowledge and findings with teammates as well as management
- Responsible for creating detailed reports on Hunt mission findings for the customer
- Responsible for developing and maintaining standard processes and operating procedures, creating technical architecture diagrams and system build documentation
You'll Bring These Qualifications:
- Bachelor's Degree in a Technical field (i.e. Information Technology, Information Systems, Computer Science)
- 4+ years of experience within a Cyber Security Operation Center or as an Intelligence Officer
- 2+ years' experience supporting security incident response activities
- Solid understanding of threat actors, threat campaigns, malware analysis, and/or DFIR while keeping up to date on the latest innovation in cybersecurity
- Ability to brief Sr. Leadership, including SOC Directors, CISOs, or Agency Directors
- Solid writing skills and ability to create threat diagrams as needed
- DoD 8140.01 and DoD 8570.01-M.IAT Level III Certification
- Experience utilizing SIEM or Data Analytics capability (e.g. ELK, ArcSight, or Splunk)
- Experience utilizing endpoint security technologies (e.g. CarbonBlack, Endgame, or FireEye HX)
- Understanding of the MITRE ATT&CK framework and deep understanding of the tactics, techniques and procedures within the ATT&CK framework
- Multi-tasker who is able to work effectively on a team, as well as independently, with minimal supervision
These Qualifications Would be Nice to Have:
- Master's Degree in a Technical field, Political Science, Business Intelligence, Data Science, or Intelligence Analysis
- Strong understanding of Indicators of Compromise (IOC) (e.g. YARA, STIX)
- Experience with Maltego, Analyst Notebook, or Analyst Platform
- Scripting skills (BASH, Python, PowerShell)
- Desirable certifications include, but are not limited to: CISSP, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, or equivalent certifications