Computer World Services Corp. (Cws) - Washington, DC

posted 4 months ago

Full-time - Senior
Remote - Washington, DC
Professional, Scientific, and Technical Services

About the position

The Threat Hunt (TH) Lead is a pivotal role within the cybersecurity team, responsible for overseeing a dedicated team that proactively assesses data collected from various cyber defense tools. This position requires a comprehensive understanding of cyber threats, particularly advanced persistent threats (APTs), and the ability to utilize a variety of tools and techniques to hunt for indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs). The TH Lead will actively engage in hunting for IOCs and APT TTPs across the network and on hosts, employing tools such as Azure Sentinel, PowerBI, Tenable, and M365 Defender.

In this role, the TH Lead will analyze threat actor activity, identify intrusions, create detections, and track campaigns. They will also analyze collected data to identify trends in the security environment and escalate threat and IOC details to the Cybersecurity team for implementing additional security controls. The position involves leveraging Microsoft Sentinel and other monitoring tools for security monitoring and proactive threat hunting, as well as utilizing threat intelligence and open-source cybersecurity outlets to enhance threat hunting operations. The TH Lead will be responsible for developing and implementing playbooks and automation objects for threat hunting capabilities, managing security-related events and incidents using CUSTOMER and DHS ticketing systems, and utilizing CUSTOMER Security Orchestration and Automated Response (SOAR) tools for automating threat hunting and incident handling.

Additionally, the TH Lead will research emerging threats, publish internal Threat Briefs, create reports and presentations on research findings, and recommend mitigation strategies based on IOCs and adversarial TTPs. Collaboration with SOC and Cyber Security teams is essential, as is participation in DHS SOC status calls and working group meetings. The role also includes supporting incident response efforts and interfacing with DHS SOC and other agencies as needed.

Responsibilities

  • Oversee a team responsible for proactive threat hunting and analysis of cyber defense tools.
  • Actively hunt for indicators of compromise (IOCs) and advanced persistent threats (APTs) using various tools.
  • Analyze threat actor activity, identify intrusions, and create detections.
  • Track campaigns and analyze collected data to identify trends in the security environment.
  • Escalate threat and IOC details to the Cybersecurity team for additional security controls.
  • Leverage Microsoft Sentinel and other monitoring tools for security monitoring and proactive threat hunting.
  • Utilize threat intelligence and open-source cybersecurity outlets to enhance threat hunting operations.
  • Develop and implement playbooks and automation objects for threat hunting capabilities.
  • Manage security-related events/incidents using CUSTOMER and DHS ticketing systems.
  • Utilize CUSTOMER Security Orchestration and Automated Response (SOAR) tool for automating threat hunting and incident handling.
  • Research emerging threats and publish internal Threat Briefs.
  • Create reports and presentations on research and findings.
  • Recommend mitigation strategies based on IOCs and adversarial TTPs.
  • Collaborate with SOC and Cyber Security teams on research results.
  • Participate in DHS SOC status calls and working group meetings.
  • Support incident response efforts in collaboration with Cybersecurity and IT support teams.
  • Provide threat hunting status reports to stakeholders.

Requirements

  • Bachelor's degree (preferred).
  • Minimum 10 years of overall IT experience.
  • 5 years of experience in a lead role managing a Security Operations Center or Threat Hunting team.
  • 3 years of experience performing proactive threat hunting duties.
  • 3 years of experience leveraging SIEM and SOAR products (Microsoft Sentinel preferred) for threat hunting duties.
  • Knowledge of intelligence frameworks, processes, and cyber intelligence/information repositories.
  • Understanding of cyber operations concepts, terminology, principles, capabilities, and limitations.
  • Ability to synthesize complex information and communicate analysis effectively.
  • Independent work capability and creative problem-solving skills.
  • Strong representation skills in intra- and inter-agency meetings and with external partners.

Nice-to-haves

  • At least one relevant industry certification such as GCTI, GCFA, GNFA, GIAC Security Expert (GSE), or equivalent.
  • Active Top Secret Clearance (Preferred).

Benefits

  • Telework/Remote work authorized at Customer discretion.
  • Affirmative action and equal employment opportunity employer.