Job Requisition:Cyber Threat Hunting Analyst Tier 3
Leidos is seeking a Tier 3 Cyber Threat Hunting Analyst to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.
Duties include leading, supporting, coordinating and acting as the initial point of contact for security operations floor activities. Will assist with developing, maintaining, tuning, and monitoring cyber security content for detection and prevention capabilities. Will support investigating computer and information security incidents to determine extent of compromise to information and automated information systems, providing network forensic and intrusion detection support to high technology investigations in the form of researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption. In addition, the Tier 3 Analyst will lead and mentor other SOC Support Staff and will communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program. The Analyst should have expertise in monitoring and detection, and incident response to support detection, containment, and eradication of malicious activities targeting customer networks.
This is a 9AM to 5PM Monday thru Friday. Flexible start times are considered. Participates in rotating on call schedule.
Cyber Threat Hunting SMEs will:
· Work with the Incident Response team, Malware Analysts, Cyber Threat Intelligence team, and Security Engineers to proactively search for DHS-detected cyber threats/campaigns (APTs)
· Work with the Cyber Threat Intelligence team to search for as yet undetected campaigns based on open source threat intelligence feeds
· Work coordinate hunting efforts across the DHS Component SOCS
· Work with Splunk engineers or directly with Splunk to update/create/enhance use cases to improve detection capabilities
· Contribute to Incident Response investigations working with the Incident Response team
· Potentially travel to other DHS locations (1-3 times/year) to support Incident Response investigations
· Lead and mentor other SOC support staff and communication with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program
EDUCATION & EXPERIENCE:
Requires Bachelor’s Degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 12+ years of prior relevant experience or Masters with 10+ years of prior relevant experience . Without degree, 15 years of prior relevant experience in the areas of incident detection and response, malware analysis, or cyber forensics required.
Minimum of current Secret with ability to obtain TS/SCI Clearance. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Must have at least one of the following certifications: SANS GIAC:GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
ISC2: CCFP, CCSP, CISSP CERT CSIH
EC Council: CHFI, LPT, ECSA
Offensive Security: OSCP, OSCE, OSWP and OSEE
Splunk experience required
Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW
Experience in cyber government, and/or federal law enforcement. Cyber Kill Chain knowledge.
Ability to travel 1-3 times per year
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:Secret
Scheduled Weekly Hours:40
Job Family:Cyber Security2000Civil
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to email@example.com.
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.