Threat Hunter Engineer

Overview

What We're Looking For

An Experienced Threat Hunter/Cyber Security analyst or Engineer who can perform Cyber Threat Hunts by identifying patterns and anomalies in data that are not immediately obvious. Leverage the MITRE ATT&CK framework to develop threat models and methodologies in building operational engagement plans. Utilize Threat Intelligence and Threat Models to create threat hypotheses and plan and scope Threat Hunt Missions to verify threat hypotheses. Conducts network or software vulnerability assessments and Red Team penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Develop and use malware, pivoting, escalating privileges to test the organization's security effectiveness

Job Duties 

• Proactively search through systems and networks to detect advanced threats.
• Analyze host, network, and application logs in addition to malware and code.
• Create, recommend, and assist with developing new security content from hunt missions, including signatures, alerts, workflows, and automation.
• Monitor intrusion detection system and analyze alerts.
• Lead threat hunting daily operations as well as significantly contribute to the strategic direction of the threat hunt team. 
• Collaborate with security engineers to create use cases and correlation alerts in the SIEM for continuous security monitoring.
• Write technical and executive threat hunt reports as well as highlight and identify risks and gaps resulting from the hunts.
• Participate in threat hunting operations using threat intelligence, analysis of anomalous log data, and results of brainstorming sessions to detect and mitigate threat actors on the network.
• Develop advanced methodologies to identify threat actor groups and associated tools, techniques, and procedures.
• Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
• Consult and inform on the tuning of detection infrastructure with technology teams to identify emerging threats.
• Apply analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats.
• Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise
• Develop new, and improve existing, threat hunt processes. 
• Review the ingest of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts and determine its applicability to the systems environment.
• Identify potential threats and identify current and evolving hacking tools and methodologies available to disrupt these systems.
• Utilize tools such as Wire Shark for network data forensics, Elastic for security data ingestion, and security data analysis
• Review and analyze security incidents and support incident response

Qualifications

What You'll Need   

• 10 years of computer information technology experience.
• 3 years performing Cyber Hunt activities
• 3 years of intrusion detection and/or incident handling experience
• Bachelor degree
• Certification: CISSP, GIAC, CEH, CISA, CISP, or equivalent
• Knowledge/Understanding of Cyber Kill Chain threat framework/model for the identification and prevention of cyber intrusions activity and for enhanced insights and reporting of cyber activity
• TS/SCI clearance capability

Scheduled Weekly Hours
40
Travel Required
Less than 10%
Telecommuting Options
Hybrid
Work Location:
Columbia, Maryland