Center for Internet Security, Inc.

Cyber Threat Hunt Analyst

Job Locations: US-VA-Arlington
ID: 2020-1225
Category: Cybersecurity Operations
Type: Regular Full-Time

Overview

The primary purpose of this position is to be a subject matter expert in Digital Forensics Incident Response (DFIR) using endpoint detection response (EDR) technology to respond to cyber incidents impacting State, Local, Tribal and Territorial (SLTT) governments in conjunction with CISA’s Cybersecurity Division (CSD) teams. This position is employed by the Center for Internet Security, and will be located with the Cybersecurity and Infrastructure Security Agency (CISA) in Arlington, VA. The Threat Hunt analyst will partner with CISA’s HUNT team and will work to promote the CIS mission to expand and normalize information-sharing initiatives within CISA’s CSD.

What You'll Do

  • Perform queries and analysis of endpoints based on credible, relevant intelligence reporting to identify and assess activity that may be impacting SLTT governments in conjunction with CISA HUNT team
  • Assist in correlating and sharing data pertaining to incidents with CISA, CISA leadership, and the CIS teams
  • Review information from investigations and coordinate with CIS analysts to refine and enhance EDR tools and processes for better fidelity
  • Perform host-level Threat Hunting and Incident Response
  • Conduct incident response calls with SLTT governments
  • Other tasks and responsibilities as assigned

What You'll Need

  • Bachelor's degree in Digital Forensics, Cybersecurity, Computer Science, or related field*
  • 3+ years’ experience in DFIR and/or Security/Network Administration
  • Advanced experience in one or more of the following areas:
    • Incident response protocols, processes, and techniques
    • System and application security threats and vulnerabilities
    • Adversarial tactics, techniques, and procedures
    • Various host and network-based security controls
  • Experience preparing and delivering technical presentations/reports
  • Demonstrated experience as a contributing member of a threat intelligence or incident response team with hands-on experience dealing with Cyber Threat Actors, APT campaigns, and related Tactics, Techniques and Procedures (TTPs)
  • Strong time management, communication, attention to detail, and professional and interpersonal skills
  • Must have an active Top Secret/SCI clearance
  • The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
  • Must be authorized to work in the United States

It's a Plus if You Have:

  • Highly proficient in the analysis of various log types (e.g. Windows Event, web server, firewall logs, etc.)
  • Experience with scripting languages such as Bash, Perl, or Python
  • Certifications in related areas (e.g. GCFE, GCFA, GNFA, GCIH, GREM, CCFE, CFCE, etc.)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

  • Criminal Conduct
  • Dishonest Conduct
  • Employment Misconduct
  • Alcohol Abuse
  • Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction). Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
  • False Statements
  • Financial Issues
  • Have not resided in the US for three (3) of the past five (5) years