
Threat Hunt Analyst

Ashburn, VA, USA

Job Type

Contract

Workspace

Hybrid

About the Role

- Create Threat Models to better understand the Agency's IT Enterprise, identify defensive gaps, and prioritize mitigations
- Author, update, and maintain SOPs, playbooks, work instructions
- Utilize Threat Intelligence and Threat Models to create threat hypotheses
- Plan and scope Threat Hunt Missions to verify threat hypotheses
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze host, network, and application logs in addition to malware and code
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Create, recommend, and assist with the development of new security content resulting from hunt missions, including signatures, alerts, workflows, and automation
- Coordinate with other teams to improve threat detection and response and the overall security posture of the Enterprise

Requirements

Preferred Qualifications

  • Expertise in network and host-based analysis and investigation

  • Demonstrated experience planning and executing threat hunt missions

  • Understanding of complex Enterprise networks, including routing, switching, firewalls, proxies, and load balancers

  • Working knowledge of common networking protocols (HTTP, DNS, SMB, etc.)

  • Familiarity with the operation of both Windows- and Linux-based systems

  • Proficient with scripting languages such as Python or PowerShell

  • Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)

  • Demonstrated experience triaging and responding to APT activity

  • Experience working with various technologies and platforms such as AWS, Azure, O365, containers, etc.

  • Understanding of the current cyber threat landscape, the tactics commonly used by adversaries, and how to investigate, contain, and recover from their attacks

Education

BS degree or equivalent and 2-4 years of prior relevant experience, or a master’s degree with less than 2 years, as required to operate within the scope contemplated by this level.
