Leidos has a current job opportunity for a Cyber Threat Hunter at Scott AFB, IL.
Enjoy learning about the latest open source security tool announced by one of the security researchers you follow on Twitter? Are your favorite kinds of bears the fancy and cozy type? If yes, this position may be for you. We are looking for experienced and motivated security analysts with a passion for threat hunting to join our team responsible for identifying, correlating, tracking & reporting network/host anomalies and intrusions. The ideal candidate will meet most of the qualifications below as well as have strong written and verbal communication skills, the ability to create complex technical reports on analytical findings, be committed to self-study, and have a desire to keep up with the latest industry news. Don't necessarily meet the qualifications below but are curious (curiosity > *) and passionate about the field? Let's chat anyway!
• Hunt for cyber threats using available tools and data sources.
• Detect, respond to, and report threats across the DOD Information Network to customers and USCYBERCOM.
• Review intelligence sources for actionable threats.
• Identify Indicators of Compromise (IOCs) and integrate those into sensors and SIEMs.
• Bachelor's degree and 2+ years of experience; additional relevant years of work experience can be substituted in lieu of a degree.
• Must have DoD 8570 IAT II (Sec+, CySA+, CISSP, etc.) prior to starting and CSSP-A Certification (CEH, CySA+, GCIA, GCIH, etc.) within 180 days of hire.
• Experience identifying network anomalies via raw Firewall, Proxy, Netflow, DNS logs & PCAP.
• Experience identifying host anomalies via Windows Event logs, Sysinternals Sysmon, Process Explorer/Monitor, Autoruns, etc..
• Experience analyzing logs produced by "Next-Gen" AV / Endpoint Detection & Response (EDR) solutions such as Microsoft Defender ATP, Carbon Black, CrowdStrike Falcon
• Advanced understanding of offensive security to include common attack methods and adversary simulation tools/frameworks.
• Familiar with Advanced Persistent Threat (APT) groups, campaigns and intrusion sets.
• Familiar with models/frameworks such as MITRE ATT&CK(tm), LM Cyber Kill Chain(r), Pyramid of Pain, etc..
• Working knowledge of at least one programming language (Python, Go, Ruby, etc..)
• Working knowledge of at least one Windows scripting language (PowerShell, VBScript, creation of batch files, etc..)
• Linux command line experience / bash scripting knowledge.
• Knowledge of malware analysis concepts and methods.
• Knowledge of resources such as RiskIQ PassiveTotal, VirusTotal, DomainTools, Censys.io, etc.. and their use for identifying contributing information for an event.
• Experience with SIEM or log management solutions such as Splunk / Splunk ES, ELK Stack, Graylog, Azure Sentinel.
• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event.
• Minimum SECRET security clearance.
• TOP SECRET SCI Eligible security clearance.
• Understanding of YARA rules, experience writing rules to identify and classify malware samples.