Leidos is seeking a Tier 3 Cyber Threat Hunting Analyst to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
Department of Homeland Security (DHS) Security Operations Center (SOC) Support Services is a US Government program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.
Duties include leading, supporting, coordinating and acting as the initial point of contact for security operations floor activities. Will assist with developing, maintaining, tuning, and monitoring cyber security content for detection and prevention capabilities. Will support investigating computer and information security incidents to determine extent of compromise to information and automated information systems, providing network forensic and intrusion detection support to high technology investigations in the form of researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption. In addition, the Tier 3 Analyst will lead and mentor other SOC Support Staff and will communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program. The Analyst should have expertise in monitoring and detection, and incident response to support detection, containment, and eradication of malicious activities targeting customer networks.
This is a 9AM to 5PM, Monday through Friday position. Flexible start times are considered. Participates in a rotating on-call schedule.
Cyber Threat Hunting SMEs will:
• Work with the Incident Response team, Malware Analysts, Cyber Threat Intelligence team, and Security Engineers to proactively search for DHS-detected cyber threats/campaigns (APTs)
• Work with the Cyber Threat Intelligence team to search for as yet undetected campaigns based on open source threat intelligence feeds
• Coordinate hunting efforts across the DHS Component SOCs
• Work with Splunk engineers or directly with Splunk to update/create/enhance use cases to improve detection capabilities
• Contribute to Incident Response investigations working with the Incident Response team
• Potentially travel to other DHS locations (1-3 times/year) to support Incident Response investigations
• Lead and mentor other SOC support staff and communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program
EDUCATION & EXPERIENCE:
Requires Bachelor's Degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 12+ years of prior relevant experience, or Master's with 10+ years of prior relevant experience. Without degree, 15 years of prior relevant experience in the areas of incident detection and response, malware analysis, or cyber forensics required.
Minimum of current Secret with ability to obtain TS/SCI Clearance. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Must have at least one of the following certifications:
SANS GIAC: GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
ISC2: CCFP, CCSP, CISSP
CERT: CSIH
EC Council: CHFI, LPT, ECSA
Offensive Security: OSCP, OSCE, OSWP and OSEE
Splunk experience required
Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW
Experience in cyber government, and/or federal law enforcement. Cyber Kill Chain knowledge.
Ability to travel 1-3 times per year