Cyber Threat Hunt Analyst - Mid
$85,150 - $153,925/Yr
Leidos - Ashburn, VA
posted 24 days ago
Full-time - Mid Level
Ashburn, VA
10,001+ employees
Professional, Scientific, and Technical Services
About the position
The Cyber Threat Hunt Analyst position at Leidos involves conducting in-depth technical analysis of network and endpoint logs to identify and mitigate cyber threats against U.S. Customs and Border Protection (CBP) systems. The role requires executing cyber threat hunts, preparing technical reports, and collaborating with various teams to enhance the security posture of the organization. The analyst will utilize threat intelligence, the MITRE ATT&CK framework, and develop scripts to support threat detection and reporting.
Responsibilities
- Conduct cyber threat analysis and identify mitigation or remediation actions.
- Develop actionable intelligence to protect organizational IT assets.
- Trend cyber threat metrics for leadership situational awareness.
- Utilize Threat Intelligence and Threat Models to create threat hypotheses for threat hunts.
- Identify, track, and investigate high priority threat campaigns and malicious actors.
- Execute ad hoc threat hunts on agency assets to identify threat activity.
- Utilize the MITRE ATT&CK framework to understand adversary TTPs and organize threat hunts accordingly.
- Maintain a comprehensive understanding of the cyber threat landscape.
- Prepare and report risk analysis and threat findings to stakeholders.
- Create and assist with the development of new security content based on hunt missions.
- Coordinate with teams to improve threat detection and response.
- Plan, scope, and execute Threat Hunt Missions to verify threat hypotheses.
- Proactively search through systems and networks to detect advanced threats.
- Analyze host, network, and application logs, as well as malware and code.
- Develop scripts to support cyber threat detection in various formats.
- Produce high-quality technical and non-technical reports and briefings with minimal supervision.
- Maintain the daily battle rhythm for the Cyber Threat Hunt team.
Requirements
- Minimum of five (5) years of professional experience in incident detection and response, malware analysis, or cyber forensics.
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field with three (3) years of relevant experience.
- 2+ years of recent experience with host-based and network-based security monitoring.
- Experience developing scripts in VB, Python, C++, HTML, XML, or similar formats.
- Established experience with incident response and SIEM tools, host-based logs, and network-based logs.
- Ability to work independently with minimal direction.
Nice-to-haves
- Five (5) years of hands-on experience in cybersecurity monitoring.
- Previous DOD, IC, or Law Enforcement Intelligence or Counterintelligence Training/Experience.
- Experience planning and executing threat hunt missions.
- Understanding of complex Enterprise networks including routing, switching, firewalls, and proxies.
- Working knowledge of common networking protocols (HTTP, DNS, SMB, etc.).
- Familiarity with both Windows and Linux systems.
- Proficient with scripting languages such as Python or PowerShell.
- Familiarity with Splunk SPL and/or Elastic DSL.
Benefits
- Competitive compensation
- Health and Wellness programs
- Life Protection
- Paid Leave
- Retirement plans
