This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Mindpoint Group
posted about 2 months ago
Full-time
Remote
Professional, Scientific, and Technical Services
About the position
MindPoint Group, LLC is seeking a Cyber Threat Hunter to join the Cyber Threat Hunt team for one of its largest clients. This role is essential for enhancing the client's operational capabilities in defending federal infrastructure against advanced global threats. The successful candidate will collaborate with a team of experienced threat hunters and analysts to actively identify and mitigate cyber threats.
Responsibilities
- Actively hunt for Indicators of Compromise (IOC) and Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTP) in the network and host systems.
- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns.
- Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team.
- Collaborate with the SOC and Threat Analysts to contain and investigate major incidents.
- Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts.
- Work with leadership and the engineering team to improve and expand available toolsets.
- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture.
- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
Requirements
- Active Top Secret clearance with the ability to obtain an SCI required.
- 10 years of general experience and 8 years of relevant Cybersecurity experience.
- Experience with securing and hardening IT infrastructure.
- Demonstrated or advanced experience with computer networking and operating systems.
- Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses.
- Demonstrated proficiency with regular expression and scripting languages, including Python or PowerShell.
- Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack.
- Familiarity with Netflow data, DNS logs, Proxy Logs.
- Experience with network hunting, including Bro Logs, Netflow, PCAP, or PaloAlto firewalls and proxies.
- Knowledge of Windows and Linux OS' and command line.
- Ability to analyze malware, extract indicators, and create signatures in Yara, Snort, and IOCs.
- Strong analytical skills and the ability to effectively research, write, communicate and brief varying levels of audiences to include at the executive level.
- Knowledge related to the current state of cyber adversary tactics and trends.
- Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building.
- Knowledge of the TCP/IP networking stack and network IDS technologies.
Nice-to-haves
- Bachelor's Degree in a CS-related field preferred.
- Certifications Desired: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP Certification.
