Senior Threat Hunter - On-site one day a week Washington, DC
Company: Axxum Technologies
Location: Washington
Posted on: November 17, 2024
Job Description:
As a Senior Threat Hunter
You will be responsible for participating in threat actor-based
investigations, creating new detection methodologies, and providing
expert support to incident response and monitoring functions.
Responsibilities:
- General SIEM monitoring, analysis, content development, and
maintenance.
- Research, analysis, and response for alerts; including log
retrieval and documentation.
- Conduct analysis of network traffic and host activity across a
wide array of technologies and platforms.
- Assist in incident response activities such as host triage and
retrieval, malware analysis, remote system analysis, end-user
interviews, and remediation efforts.
- Compile detailed investigation and analysis reports for
internal SOC consumption and delivery to management.
- Track threat actors and associated tactics, techniques, and
procedures (TTPs).
- Capture intelligence on threat actor TTPs and develop
countermeasures in response to threat actors.
- Analyze network traffic, IDS/IPS/DLP events, packet capture,
and FW logs.
- Analyze malicious campaigns and evaluate effectiveness of
security technologies.
- Coordinate threat hunting activities across the network
leveraging intelligence from multiple internal and external
sources, as well as cutting-edge security technologies.
- Design and build custom tools for investigations, hunting, and
research.
- Assist in the design, evaluation, and implementation of new
security technologies.
- Lead response and investigation efforts into advanced/targeted
attacks.
- Hunt for and identify threat actor groups and their techniques,
tools, and processes.
- Identify gaps in IT infrastructure by mimicking an attacker's
behaviors and responses.
- Provide expert analytic investigative support of large scale
and complex security incidents.
- Perform Root Cause Analysis of security incidents for further
enhancement of alert catalog.
- Continuously improve processes for use across multiple
detection sets for more efficient Security Operations.
- Review alerts generated by detection infrastructure for false
positive alerts and modify alerts as needed.
- Develop dashboards and reports to identify potential threats,
suspicious/anomalous activity, malware, etc.
- Provide forensic analysis of network packet captures, DNS,
proxy, Netflow, malware, host-based security and application logs,
as well as logs from various types of security sensors.
- A passion for research, and uncovering the unknown about
internet threats and threat actors.
- Ensure the SOC analyst team is providing excellent customer
service and support.
REQUIRED EXPERIENCE:
- 7+ years of relevant cyber security experience in IT Security,
Incident Response or network security with strong knowledge working
in a Security Operations Center.
- BA/BS degree is required OR an additional 6 years of relevant
work experience in lieu of degree.
- 5+ years experience with the incident response process,
including detecting advanced adversaries, log analysis using Splunk
or similar tools, and malware triage.
- 5+ years experience with creating automated log correlations in
Splunk or a similar tool to identify anomalous and potentially
malicious behavior.
- Demonstrated knowledge of the Splunk search language, search
techniques, alerts, dashboards and report building.
- Strong analytical and investigation skills & active threat
hunting and adversary tracking.
- Working knowledge of security architectures, devices and threat
intelligence consumption and management.
- Working knowledge of root causes of malware infections and
proactive mitigation.
- Working knowledge of lateral movement, footholds, and data
exfiltration techniques.
- Experience with Netflow or PCAP analysis.
- Track record of creative problem solving, and the desire to
create and build new processes.
- Experience and knowledge of packet flow, TCP/UDP traffic,
firewall technologies, IDS technologies, proxy technologies, and
antivirus, spam and spyware solutions.
- Convert intelligence into actionable mitigation and technical
control recommendations.
- Knowledge of the underlying logic that security alerts are
built upon and apply them when analyzing raw logs and creating new
dashboards and alerts.
- Knowledge of typical behaviors of both malware and threat
actors and how common protocols and applications work at the
network level, including DNS, HTTP, and SMB.
- Strong time management and multitasking skills as well as
attention to detail as well as strong collaborative skills and
proven ability to work in a diverse team of security
professionals.
DESIRED EXPERIENCE:
- Experience with one or more scripting languages (e.g., Python,
JavaScript, Perl).
- Perform memory analysis and malware analysis.
- Experience with computer exploitation methodologies.
- Experience as a government contractor.
- GCIA, GCIH, GMON, GDAT, Splunk Core Power User, and a minimum
of 7 years related experience.
SALARY AND BENEFITS
The leadership of our Company believes in attracting and retaining
exceptional talent committed to serving our clients. We offer a
generous benefits package including health insurance, paid
vacation, disability, and life insurance, and more. Please visit
our Careers page for additional information. Salary and benefits
information will be available to applicants, when and if an offer
is made.
OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION
The leadership of our Company is committed to a work culture of
zealous advocacy, respect, diversity and inclusion, client-oriented
defense, access to justice and excellent representation. We are
dedicated to building a strong professional relationship with each
of our clients, to understanding their diverse circumstances, and
to meeting their needs. Our ability to achieve these goals depends
on the efforts of all of us.
HOW TO APPLY
All applications must be completed online. We do not accept paper
submissions. Please visit our Careers Page to review all current
job postings, and instructions on the application process.
As an Equal Employment Opportunity (EEO) Employer, Cycurion, Inc.
and our Subsidiaries prohibit discriminatory employment actions
against and treatment of its employees and applicants for
employment based on actual or perceived race or color, size
(including bone structure, body size, height, shape, and weight),
religion or creed, alienage or citizenship status, sex (including
pregnancy), national origin, age, sexual orientation, gender
identity (one's internal deeply-held sense of one's gender which
may be the same or different from one's sex assigned at birth;
one's gender identity may be male, female, neither or both, e.g.,
non-binary), gender expression (the representation of gender as
expressed through, for example, one's name, choice of pronouns,
clothing, haircut, behavior, voice, or body characteristics; gender
expression may not be distinctively male or female and may not
conform to traditional gender-based stereotypes assigned to
specific gender identities), disability, marital status,
relationship and family structure (including domestic partnerships,
polyamorous families and individuals, chosen family, platonic
co-parents, and multigenerational families), genetic information or
predisposing genetic characteristics, military status, domestic
violence victim status, arrest or pre-employment conviction record,
credit history, unemployment status, caregiver status, salary
history, or any other characteristic protected by law.
#J-18808-Ljbffr
Keywords: Axxum Technologies, Sterling , Senior Threat Hunter - On-site one day a week Washington, DC, Other , Washington, Virginia
Didn't find what you're looking for? Search again!
Loading more jobs...