Cyber Threat Hunter (Mid-Level) jobs in United States

cFocus Software Incorporated · 1 day ago

Cyber Threat Hunter (Mid-Level)

cFocus Software Incorporated is seeking a Cyber Threat Hunter to join their program supporting USDOT in Washington, DC. This role involves identifying, monitoring, and investigating computer and network intrusions, as well as providing forensic support for high technology investigations.

Tags: Chatbot, Government, Information Technology, Software

Growth Opportunities
No H1B sponsorship; Security Clearance Required; U.S. Citizen Only

Responsibilities

Identify, deter, monitor, and investigate computer and network intrusions
Provide computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery
Monitor and assess complex security devices for patterns and anomalies from raw events (DNS, DHCP, AD, SE logs), tag events for Tier 1 & 2 monitoring
Conduct malware analysis in out-of-band environment (static and dynamic), including complex malware
Accept and respond to government technical requests for threat hunt support submitted through the AOUSC ITSM ticketing system (e.g., HEAT or ServiceNow)
Threat hunt targets include cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler)
Review and analyze risk-based Security Information and Event Management (SIEM) alerts when developing hunt hypotheses
Review open-source intelligence about threat actors when developing hunt hypotheses
Plan, conduct, and document iterative, hypothesis-based tactics, techniques, and procedures (TTP) hunts using the Agile Scrum project management methodology
At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis
Configure, deploy, and troubleshoot Endpoint Detection and Response (EDR) agents (e.g., CrowdStrike and Sysmon)
Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC
Track and document cyber defense incidents from initial detection through final resolution
Interface with IT contacts at the court or vendor to install EDR agents or diagnose problems with them
Participate in government-led after-action reviews of incidents
Triage malware events to identify the root cause of specific activity
Attend daily Agile Scrum standups and report progress on assigned Jira stories

Qualifications

Skills and certifications: Security+ CE, GCIA, GCIH, GSEC, GMON, Splunk Core Power User, Cyber Threat Hunting, Endpoint Detection and Response, Computer Forensics, Agile Scrum Methodology, Malware Analysis, Data Analysis

Required

Bachelor's Degree or equivalent experience in a computer, engineering, or science field
Active Public Trust clearance
DoD 8570 compliant (Security+ CE)
Hold active certifications such as GCIA, GCIH, GSEC, or GMON, plus Splunk Core Power User
5+ years of relevant experience

Company

cFocus Software Incorporated

cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.

Funding

Current Stage
Early Stage

Leadership Team

Manisha Griesinger, MPH, MSc
Program Manager | U.S. EPA Office of the Chief Financial Officer
Company data provided by crunchbase