Job Requisition:Cyber Threat Hunter
Leidos has a current job opportunity for a Cyber Threat Hunter at Scott AFB, IL.
Enjoy learning about the latest open source security tool announced by one of the security researchers you follow on Twitter? Are your favorite kinds of bears the fancy and cozy type? If yes, this position may be for you. We are looking for experienced and motivated security analysts with a passion for threat hunting to join our team responsible for identifying, correlating, tracking & reporting network/host anomalies and intrusions. The ideal candidate will meet most of the qualifications below as well as have strong written and verbal communication skills, the ability to create complex technical reports on analytical findings, be committed to self-study, and have a desire to keep up with the latest industry news. Don't necessarily meet the qualifications below but are curious (curiosity > *) and passionate about the field? Let's chat anyway!
•Hunt for cyber threats using available tools and data sources.
•Detect, respond to, and report threats across the DOD Information Network to customers and USCYBERCOM.
•Review intelligence sources for actionable threats.
•Identify Indicators of Compromise (IOCs) and integrate those into sensors and SIEMs.
•Bachelor's degree and 2+ years of experience; additional relevant years of work experience can be substituted in lieu of a degree.
•Must have DoD 8570 IAT II (Sec+, CySA+, CISSP, etc.) prior to starting and CSSP-A Certification (CEH, CySA+, GCIA, GCIH, etc.) within 180 days of hire.
•Experience identifying network anomalies via raw Firewall, Proxy, Netflow, DNS logs & PCAP.
•Experience identifying host anomalies via Windows Event logs, Sysinternals Sysmon, Process Explorer/Monitor, Autoruns, etc..
•Experience analyzing logs produced by "Next-Gen" AV / Endpoint Detection & Response (EDR) solutions such as Microsoft Defender ATP, Carbon Black, CrowdStrike Falcon
•Advanced understanding of offensive security to include common attack methods and adversary simulation tools/frameworks.
•Familiar with Advanced Persistent Threat (APT) groups, campaigns and intrusion sets.
•Familiar with models/frameworks such as MITRE ATT&CK(tm), LM Cyber Kill Chain(r), Pyramid of Pain, etc..
•Working knowledge of at least one programming language (Python, Go, Ruby, etc..)
•Working knowledge of at least one Windows scripting language (PowerShell, VBScript, creation of batch files, etc..)
•Linux command line experience / bash scripting knowledge.
•Knowledge of malware analysis concepts and methods.
•Knowledge of resources such as RiskIQ PassiveTotal, VirusTotal, DomainTools, Censys.io, etc.. and their use for identifying contributing information for an event.
•Experience with SIEM or log management solutions such as Splunk / Splunk ES, ELK Stack, Graylog, Azure Sentinel.
•Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event.
•Minimum SECRET security clearance.
•TOP SECRET SCI Eligible security clearance.
•Understanding of YARA rules, experience writing rules to identify and classify malware samples.
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Secret
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Cyber Security2000Defense
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to firstname.lastname@example.org.
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.