Tyto Athene - Arlington, VA
posted 26 days ago
Full-time - Mid Level
Arlington, VA
Furniture, Home Furnishings, Electronics, and Appliance Retailers
About the position
The Lead Cyber Threat Hunter at Tyto Athene is responsible for proactively identifying and mitigating cyber threats within the network and host environments. This role involves hunting for Indicators of Compromise (IOC) and analyzing threat actor tactics, techniques, and procedures (TTP). The position requires collaboration with various teams to enhance security measures and respond to incidents effectively.
Responsibilities
- Actively hunt for Indicators of Compromise (IOC) and threat actor Tactics, Techniques, and Procedures (TTP) in the network and host environments.
- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns and hunt for Advanced Persistent Threats (APT).
- Create detailed Incident Reports and contribute to lessons learned in collaboration with appropriate teams.
- Collaborate with the SOC and Threat Analysts to contain and investigate major incidents.
- Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts.
- Work with leadership and the engineering team to improve and expand available toolsets.
- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture.
- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
Requirements
- Bachelor's degree in Computer Science, Information Technology, or related field and 8 years of relevant experience, or a Master's degree and 4 years of experience.
- Experience with securing and hardening IT infrastructure.
- Demonstrated or advanced experience with computer networking and operating systems.
- Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses.
- Demonstrated proficiency with regular expressions and scripting languages, including Python or PowerShell.
- Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack.
- Experience with network hunting, including Bro Logs, DNS, Netflow, PCAP, or firewalls and proxies.
- Knowledge of Windows and Linux operating systems and command line.
- Ability to analyze malware, extract indicators, and create signatures in Yara and Snort.
- Strong analytical skills and the ability to effectively research, write, communicate, and brief varying levels of audiences, including at the executive level.
- Knowledge related to the current state of cyber adversary tactics and trends.
- Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building.
- Knowledge of the TCP/IP networking stack and network IDS technologies.
Nice-to-haves
- Previous experience working as a cyber threat hunter.
- Experience with operational security, including security operations centers (SOC), incident response, digital forensics, and malware analysis.
- Experience with major cloud service provider offerings.
- Knowledge of offensive security tools and techniques.
Benefits
- Opportunities for career growth and development.
- Innovative and collaborative work environment.
