The Johns Hopkins University Applied Physics Laboratory - Laurel, MD

posted 4 months ago

Full-time - Mid Level
Laurel, MD
Professional, Scientific, and Technical Services

About the position

As a Cybersecurity Hunt Analyst at APL, you will be an integral part of a highly collaborative Cybersecurity Research & Hunt Team. Your role will involve tracking advanced cyber threats and analyzing data to identify malicious behaviors in a constantly evolving threat landscape. You will perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. This includes collecting evidence such as digital media, logs, and malware to perform thorough analyses associated with cyber intrusions. You will maintain a deep understanding of attack methodologies and utilize this knowledge operationally to make informed recommendations and modifications to processes and procedures based on advanced threat behaviors. In this position, you will actively hunt for sophisticated cyber threats by analyzing data and identifying malicious behaviors. You will engage collaboratively with peers to build a comprehensive response to cyber incidents, collecting evidence across multiple platforms and analyzing malware related to cyber intrusions. Keeping current with threat intelligence and adversarial behaviors will be crucial for operational effectiveness. You will also be responsible for developing and enhancing content and methodologies for hunting, monitoring, and responding to incidents across various platforms, including on-premises, SaaS, and IaaS environments. This role requires maturing processes, workflows, and documentation while determining high-fidelity behavioral patterns and crafting content in multiple tools. Additionally, you will participate in project and multi-functional security teams, interacting with system administrators, cloud engineers, IAM administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization. Your contributions will help identify and implement information assurance controls and risk mitigations for IT operations, and you will provide routine reporting on goals and objectives to management.

Responsibilities

  • Hunt for sophisticated cyber threats by analyzing data to identify malicious behaviors.
  • Perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity.
  • Collaboratively engage with peers to build a comprehensive response to cyber incidents.
  • Collect evidence across multiple platforms and analyze malware related to cyber intrusions.
  • Maintain current knowledge of threat intelligence and adversarial behaviors for operational use.
  • Develop and enhance content and methodologies for hunting, monitoring, and responding to incidents across various platforms.
  • Mature processes, workflows, and documentation related to cybersecurity operations.
  • Determine high-fidelity behavioral patterns and craft content in multiple tools.
  • Participate in project and multi-functional security teams to implement information assurance controls and risk mitigations.
  • Provide routine reporting on goals and objectives to management.

Requirements

  • Bachelor's Degree in Information Security, a security-related field, or equivalent experience.
  • 7+ years' experience working in multi-platform, complex network environments.
  • 5+ years' experience in an operational multi-platform cybersecurity environment.
  • Proficiency with extracting and manipulating data using scripting languages such as Python, PowerShell, SPL, or others.
  • Knowledge of cloud-based threats, cloud IAM exploits, and cloud-based lateral movement.
  • Proficient comprehension of IAM authentication anomalies and adversarial exploitation of multi-factor authentication.
  • Understanding of normal operating system activity, OS internals, and the MITRE ATT&CK framework.
  • Experience with Assume Breach methodologies and understanding of Nation State adversaries' attack methodologies.
  • Experience analyzing data with technologies like Splunk, ELK, Hadoop, Python, or SQL.
  • Technical experience in areas such as Azure, AWS, SaaS, CAASM, SASE, SSE, IAM, EDR, Suricata, Zeek, and Full Packet capture technologies.
  • Experience with memory analysis, host-based anomaly detection, and network anomaly detection.
  • Understanding of Red Team and Threat Emulation exercises.
  • Ability to obtain a Secret security clearance.

Nice-to-haves

  • Master's Degree in Cybersecurity or a related field.

Benefits

  • Robust education assistance program
  • Unparalleled retirement contributions
  • Healthy work/life balance