Leidos - Ashburn, VA
posted 24 days ago
Full-time - Mid Level
Ashburn, VA
10,001+ employees
Professional, Scientific, and Technical Services
About the position
The Cyber Threat Hunt Analyst position at Leidos involves working within the U.S. Department of Homeland Security's Customs and Border Protection Security Operations Center. The role focuses on preventing, identifying, containing, and eradicating cyber threats to CBP networks through proactive threat hunting, analysis, and reporting. The analyst will create threat models, develop scripts for threat detection, and lead cyber threat hunt missions while collaborating with various teams to enhance the overall security posture of the organization.
Responsibilities
- Create Threat Models to understand the DHS IT Enterprise and identify defensive gaps.
- Author, update, and maintain SOPs, playbooks, and work instructions.
- Utilize Threat Intelligence and Threat Models to create threat hypotheses.
- Plan and scope Threat Hunt Missions to verify threat hypotheses.
- Proactively search through systems and networks to detect advanced threats.
- Analyze host, network, and application logs, as well as malware and code.
- Prepare and report risk analysis and threat findings to stakeholders.
- Lead cyber threat hunt missions with minimal supervision and recommend best practices.
- Develop scripts to support cyber threat detection in various formats.
- Conduct cyber threat analysis and develop actionable intelligence.
- Create and recommend new security content based on hunt missions.
- Coordinate with teams to improve threat detection and response.
- Identify and investigate high priority threat campaigns and malicious actors.
- Maintain understanding of the cyber threat landscape and enhance cybersecurity posture.
Requirements
- Bachelor's Degree and 8 - 12 years of relevant experience.
- 5+ years of experience with host-based and network-based security monitoring.
- Experience developing scripts in VB, Python, C++, HTML, XML, or similar.
- Ability to work independently with minimal direction.
- Required certifications: CISSP, SANS certifications, OSCP, OSCE, OSWP, etc.
Nice-to-haves
- Five years of hands-on experience in cybersecurity monitoring.
- Understanding of complex Enterprise networks including routing and firewalls.
- Experience planning and executing threat hunt missions.
- Knowledge of common networking protocols (HTTP, DNS, SMB).
- Expertise in network and host-based analysis.
- Previous DOD, IC, or Law Enforcement experience.
- Knowledge of Structured Analytic Techniques.
- Advanced Degree in Cyber Security or related field.
- Familiarity with Windows and Linux systems.
- Proficient with scripting languages like Python or PowerShell.
- Familiarity with Splunk SPL or Elastic DSL.
Benefits
- Competitive compensation
- Health and Wellness programs
- Life Protection
- Paid Leave
- Retirement plans
