Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Senior Cyber Threat Hunter
Company Federal Reserve System
Location United States - Various
Preferred GIAC Certifications GCIH, GCFA, GCIA
Travel 10%
Salary Not provided
URL https://rb.wd5.myworkdayjobs.com/FRS/job/Richmond-VA/Senior-Cyber-Threat-Hunter_R-0000001455
Contact Name Andrew Skatoff
Contact Email amskatoff/at/gmail.com
Expires 2021-11-12

Job Description

As a Senior Cyber Threat Hunter, you will report to the Senior Manager- Information Security and work on an agile team that effectively detects, analyses, and investigates information security incidents for NIRT's customers across the United States. You will utilize Threat Intelligence and Threat Models to create threat hypotheses, plan and scope Threat Hunt Missions to verify threat hypotheses, prepare and report risk analysis and threat findings to appropriate stakeholders, and have the opportunity to combine your technical expertise with your imagination to discover innovative methods for ensuring that the FRS remains one step ahead of its adversaries around the world.
What You Will Do

Utilize Threat Intelligence and Threat Models to create threat hypotheses
Plan and scope Threat Hunt Missions to verify threat hypotheses
Proactively and iteratively search through systems and networks to detect advanced threats
Prepare and report risk analysis and threat findings to appropriate stakeholders
Identify and propose automated alerts for new and previously unknown threats
Coordinate with different teams across operations, intel, and engineering to iteratively improve security controls and detection capabilities
Direct or lead cybersecurity related activities to mitigate cyber security incidents
Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs
Coordinate with intelligence analysts to correlate threat assessment data
Maintain expert knowledge of advanced persistent threats tools, techniques, and procedures (TTPs), as well as forensics and incident response practices
Maintain situational awareness and reports on advanced threats, including Advanced Persistent Threat (APT) and incidents
Analyze data to detect active threats within the network using knowledge of the current threat landscape, threat actor techniques, and the internal network
Coordinate response, triage, and recovery activities for security events
Develop attack detection guidance & response playbooks, counter-measure definition and strategies to mitigate emerging threats
Support micro-PTX (purple team exercises) with monitoring for new detection opportunities
Be a key contributor for initiatives by driving process improvements, strategic planning, accountability, fostering a collaborative work environment and properly managing communications
Provide strategic guidance and support to business partners and leaders during complex situations
Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
Qualifications

Bachelor’s degree in Information Technology, Computer Science, or a related field; or equivalent work experience
3-5 years in a professional Intrusion Detection or Incident Response role
The following certifications are highly preferred:
SANS GCIH (GIAC Certified Incident Handler)
SANS GCFA (GIAC Certified Forensic Analyst)
SANS GCIA (GIAC Certified Intrusion Analyst)
Expertise in network, host, and cloud-based analysis and investigation
Demonstrated expertise in cloud security, telemetry, and attack techniques
Demonstrated experience planning and executing threat hunt missions
Expertise with operation of both Windows and Linux based systems
Proficient with scripting languages such as Python or PowerShell
Experience with exploratory data analysis and/or machine learning
Proficiency in identifying cyber-attack campaigns
Excellent communication skills
Deep curiosity and ability to quickly learn new technologies
Ability to able to obtain and maintain a National Security Clearance. Ability to obtain a clearance requires US Citizenship.