Cyber Threat Hunt Lead

Clearance Level
None
Category
Cyber Security
Location
Washington, District of Columbia

REQ#: RQ105026

Travel Required: Less than 10%
Requisition Type: Pipeline

Perform Cyber Threat Hunts by identifying patterns and anomalies in data that are not immediately obvious. Create Threat Models to better understand the Enterprise, identify defensive gaps, and prioritize mitigations. Utilize Threat Intelligence and Threat Models to create threat hypotheses and plan and scope Threat Hunt Missions to verify threat hypotheses.

Duties

  • Proactively and iteratively search through systems and networks to detect advanced threats.
  • Analyze host, network, and application logs in addition to malware and code.
  • Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
  • Monitor intrusion detection system and analyze alerts.
  • Lead threat hunting daily operations as well as significantly contribute to the strategic direction of the threat hunt team. 
  • Collaborate with security engineers to create use cases and correlation alerts in the SIEM for continuous security monitoring.
  • Write technical and executive threat hunt reports as well as highlight and identify risks and gaps resulting from the hunts.
  • Participate in threat hunting operations using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and mitigate threat actors on the network.
  • Develop advanced methodologies to identify threat actor groups and associated tools, techniques and procedures.
  • Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Consult and inform on the tuning of detection infrastructure with technology teams to identify emerging threats.
  • Apply analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats.
  • Provide guidance and/or lead on the development of on-going information security risk reporting monitoring key trends and defining metrics to regularly measure hunt effectiveness and output.
  • Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise
  • Develop new, and improve existing, threat hunt processes. 
  • Review the ingest of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts and determine its applicability to the systems environment.
  • Identify potential threats and identify current and evolving hacking tools and methodologies available to disrupt these systems.
  • Utilize tools such as Wire Shark for network data forensics, Splunk for security data ingestion, and Suricata for security data analysis
  • Review and analyze security incidents and support incident response

Qualifications

  • 10 years of computer information technology experience.
  • 3 years performing Cyber Hunt activities
  • 3 years of intrusion detection and/or incident handling experience
  • Bachelor degree
  • Certification: CISSP, GIAC, CEH, CISA, CISP, or equivalent
  • Knowledge/Understanding of Cyber Kill Chain threat framework/model for the identification and prevention of cyber intrusions activity and for enhanced insights and reporting of cyber activity
  • Public Trust clearance capability

This position requires being fully vaccinated against COVID-19 by January 18, 2022 or the start date, if after January 18. Individuals who work in or reside in Florida, Montana, Tennessee, Texas, or work outside of the United States may be excluded from this requirement.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.