Leidos - Ashburn, VA
posted 24 days ago
Full-time - Senior
Ashburn, VA
Professional, Scientific, and Technical Services
About the position
The Senior Cyber Threat Hunt Analyst at Leidos plays a critical role in the U.S. Department of Homeland Security's Security Operations Center (SOC) by preventing, identifying, and eradicating cyber threats to Customs and Border Protection (CBP) networks. This position involves creating threat models, conducting threat hunts, analyzing security data, and reporting findings to enhance the cybersecurity posture of the organization. The analyst will work independently to develop scripts for threat detection and will lead missions to identify advanced threats that traditional systems may miss.
Responsibilities
- Create Threat Models to understand the DHS IT Enterprise and identify defensive gaps.
- Author, update, and maintain SOPs, playbooks, and work instructions.
- Utilize Threat Intelligence and Threat Models to create threat hypotheses.
- Plan and scope Threat Hunt Missions to verify threat hypotheses.
- Proactively search through systems and networks to detect advanced threats.
- Analyze host, network, and application logs, as well as malware and code.
- Prepare and report risk analysis and threat findings to stakeholders.
- Lead cyber threat hunt missions with minimal supervision and recommend best practices.
- Develop scripts to support cyber threat detection in various formats.
- Conduct cyber threat analysis and develop actionable intelligence.
- Create and recommend new security content based on hunt missions.
- Coordinate with teams to improve threat detection and response.
- Identify and investigate high priority threat campaigns and malicious actors.
- Maintain a comprehensive understanding of the cyber threat landscape.
- Review current and emerging cyber threat intelligence and initiate threat hunts accordingly.
- Create daily, weekly, and monthly reporting data.
- Collect, aggregate, and report on metrics derived from threat hunts.
Requirements
- 4+ years of recent experience with host-based and network-based security monitoring.
- Experience developing scripts in formats such as VB scripts, Python, C++, HTML, XML.
- Ability to work independently with minimal direction.
- Bachelor's Degree and 8 - 12 years of relevant experience or equivalent experience in lieu of degree.
- At least one of the following certifications: CISSP, SANS GCIA, SANS GREM, SANS GISF, SANS GXPN, SANS GMON, OSCP, OSCE, OSWP, OSEE, CCSP, LPT, ECSA.
Nice-to-haves
- Five years of hands-on experience in cybersecurity monitoring.
- Understanding of complex Enterprise networks including routing, switching, firewalls, proxies, and load balancers.
- Experience planning and executing threat hunt missions.
- In-depth knowledge of common networking protocols (HTTP, DNS, SMB).
- Expertise in network and host-based analysis and investigation.
- Previous DOD, IC, or Law Enforcement Intelligence or Counterintelligence Training/Experience.
- Knowledge of Structured Analytic Techniques.
- Advanced Degree in Cyber Security or related field.
- Familiarity with Windows and Linux systems.
- Proficient with scripting languages such as Python or PowerShell.
- Familiarity with Splunk Search Processing Language (SPL) or Elastic Domain Specific Language (DSL).
Benefits
- Health insurance
- 401k retirement plan
- Paid holidays
- Flexible scheduling
- Professional development opportunities
