| Preferred GIAC Certifications | GCIH, GCFA, GNFA, GPEN |
| Contact Name | Justin Baker |
MITRE’s Cyber Operations and Effects Tech Center is seeking an experienced cyber defender with both a technical and operational background, such as a SOC analyst, security engineer, incident responder, or threat hunter. Experience with MITRE ATT&CK, as well as researching, creating, and deploying analytics on platforms such as Splunk or ELK, is a plus. You will lead a team of cyber engineers to perform cyber assessments in support of DoD organizations to ensure a robust cyber defense architecture on relevant systems, as well as to identify and assist in the remediation of detected malicious cyber activity. Additionally, you will be responsible for mission prep, execution, and reporting, as well as developing, improving, and/or evaluating tools, techniques, and procedures (TTPs) for detecting and responding to modern, advanced persistent cyber threats. You’ll work collaboratively with our staff of cybersecurity engineers to hunt threats, improve SOC operations, and research solutions to improve the state of cybersecurity globally.
You will be directly involved with:
Developing and maintaining relationships with organizations under assessment during preparation, execution, and wrap-up of assessment activities.
Scoping assessments in terms of technologies, technical approach, team size and skill mix, and technical implementation of assessment plans.
Conducting data collection, analysis, triage, and reporting as appropriate. Examples of subject data and analysis are: host logs, NetFlow, PCAP, syslog/SNMP logs, memory captures, and other similar data.
Combining cybersecurity domain expertise and contemporary data science skills to enhance adversary detection, network defense, and SOC process improvement.
Building analytics leveraging heuristics and machine learning to identify malicious network traffic, endpoint behavior, user behavior, and files.
Using MITRE ATT&CK® to build detection capability and hunt the adversary, both on the network using tools like Zeek or full PCAP and on the endpoint using EDRs, Microsoft Sysmon, and osquery.
Bringing actionable cyber threat intelligence to bear to improve defenses and enable detection and response.
Building security analytics and dashboards in ELK and Splunk.
Developing findings and recommendations and final report products and delivering/presenting to the Government sponsor.
Conducting technology R&D and prototype/proof-of-concept development involving: virtualization, cloud, DevOps/orchestration, analytic development, visualization development, and other innovation to improve threat detection and response.
Bachelor’s degree in computer science, cybersecurity, information technology, computer engineering, or a related field.
8 years of related experience
Ability to travel ~25%
Experience in one or more of the following areas: incident response, cyber threat hunting, cyber threat intelligence, cybersecurity engineering (resilient systems security engineering), and/or cybersecurity analytics.
Strong knowledge of advanced cyber threats and adversary methodologies.
Must possess and maintain a Secret level security clearance
Ability to document and/or present ideas and findings such that others can easily learn from or make decisions based upon the material.
Ability to develop new ideas and techniques that advance the state of the practice for cyber defensive operations.
Familiarity with vulnerability assessment, penetration testing, and/or detection/hunting toolsets, such as: Redline, Volexity, Surge/Volcano, Volatility, Beats, ELK, Splunk, Wireshark, tcpdump, tshark
Related certification(s) such as: CISSP, CEH, OSCP, GCIH, GCFA, GNFA, GPEN
Advanced degree in Computer Science and/or Electrical Engineering
Obtain a Top Secret level security clearance