Cyber Threat Hunter (Senior) jobs in United States

cFocus Software Incorporated · 20 hours ago

Cyber Threat Hunter (Senior)

cFocus Software Incorporated is seeking a Cyber Threat Hunter (Senior) to support US Courts. The role involves proactive threat hunting and incident response to identify security incidents and vulnerabilities in both cloud-based and non-cloud-based environments.

Tags: Chatbot · Government · Information Technology · Software

Growth Opportunities
No H1B · U.S. Citizen Only

Responsibilities

Provide incident response services after an incident is declared, and provide a service that proactively searches for security incidents that would not normally be detected through automated alerting
The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity, based on the assumption that the adversary is already present in the judicial fabric. The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations/vulnerabilities, and identify visibility/detection gaps, if any. Human analytical thinking is imperative to the primary and extended missions, as it is up to the threat hunter to find signs of an intrusion that have bypassed whatever automatic detection process may already be in place
Accept and respond to government technical requests for threat hunt support submitted through the AOUSC ITSM ticket system (e.g., HEAT or ServiceNow). Threat hunt targets include cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler)
Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses
Review open-source intelligence about threat actors when developing hunt hypotheses
Plan, conduct, and document iterative, hypothesis-based tactics, techniques, and procedures (TTP) hunts using the Agile Scrum project management methodology
At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis
Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon)
Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC
Track and document cyber defense incidents from initial detection through final resolution
Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents
Participate in government led after action reviews of incidents
Triage malware events to identify the root cause of specific activity
Attend daily Agile Scrum standups and report progress on assigned Jira stories

Qualification

Threat hunting, Incident response, Splunk Enterprise Security, EDR agents, Microsoft Azure, Microsoft O365, Microsoft Active Directory, Zscaler, Microsoft Sentinel, Tenable Nessus, NetScout, Mandiant Threat intel, GIAC certifications, Agile Scrum methodology, Custom scripts, Data analysis, Soft skills

Required

5 - 8 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
5 - 8 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security
5 - 8 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike) and custom scripts (e.g. Sysmon & Auditd)
5 - 8 years of experience with the following threat hunting tools: Microsoft Sentinel for threat hunting within Microsoft Azure; Tenable Nessus and SYN/ACK for vulnerability management; NetScout for analyzing network traffic flow; SPUR.us enrichment of addresses; Mandiant Threat intel feeds

Preferred

One of the following certifications: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring (GMON), GIAC Defending Advanced Threats (GDAT), Splunk Core Power User

Company

cFocus Software Incorporated

cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.

Funding

Current Stage
Early Stage

Leadership Team

Manisha Griesinger, MPH, MSc
Program Manager | U.S. EPA Office of the Chief Financial Officer
Company data provided by crunchbase