Threat Hunt Analyst
Reston, VA 
Posted 28 days ago
Job Description

Evolver Federal is looking for a Threat Hunt Analyst to join our team on a large Security Operations program with our Federal client located in Washington, DC.


This is a Remote position that allows for 100% Work from Home


The Threat Hunt Analyst (THA) works to identify advanced threats within the network so they can be tracked and mitigated before they compromise the organization's IT systems.


The THA will create hypotheses to conduct searches for threats inside the network with the goal of gathering data on threat behaviors, goals, and methodologies of the threat group. The THA is responsible for organizing and analyzing the data to establish baselines for the security environment and make security recommendations to address current vulnerabilities.

The candidate will possess prior work experience in cybersecurity, an intimate knowledge of network computing, and hands-on technical experience with multiple security tools. The individual will be responsible for gathering raw data, filtering it, investigating and analyzing network activity, creating hypotheses for threat hunt operations, conducting full hunt operations, and proposing security fixes based on the outcome of each hunt. THAs will operate as part of the Incident Response team by assisting with response through ad-hoc hunts, contributing to lessons learned, suggesting new preventative measures, and integrating threat data into security tools. The individual will have good presentation skills and excellent communication skills, both verbal and written.


Responsibilities

  • Conduct security assessments to identify potential vulnerabilities, threats, or deficiencies
  • Support Security Operation Center and Incident Response activities
  • Document all hunt activities and create presentations when requested
  • Create detection content to support the automated identification of threats across the environment
  • Triage alerts generated from curated hunt team detection content and escalate as needed to other organizations within cybersecurity defense operations
  • Conduct research from external and internal sources, develop, and implement solutions based around new attack techniques and threats
  • Analyze security and event logs for anomalies and indications of malicious behavior
  • Determine true threats, false positives, and misconfigurations in order to provide timely solutions to detected issues
  • Tune analytic correlations along with other security personnel to reduce false positives and increase actionable alerts
  • Understanding of TCP/IP and how traffic is transported through a network
  • Use of security controls (firewalls, antivirus, Endpoint Detection and Response platforms, Intrusion Detection Systems, packet capture analysis, etc.) leveraged to spot anomalies
  • Malicious actors and the tools, techniques, and procedures they employ
  • Knowledge and understanding of multiple operating systems, network devices, and secure architectures
  • Utilizing the cyber threat hunt method to identify malicious activity in a network
  • Identifying threat groups and their distinct TTPs
  • Information assessment for network threats to include scans, computer viruses, and complex APT attacks
  • Hands-on experience with a Security Information and Event Management (SIEM) tool
  • Log analysis and how events of interest can be linked together or corroborated
  • Proficiency with one or more Endpoint Detection and Response Tool(s)

Basic Qualifications

  • Bachelor's degree and a senior industry professional certification such as Certified Information Systems Security Professional (CISSP) or equivalent are desired
  • Must be able to obtain an agency-specific Public Trust clearance.
  • Due to the requirements of this federal customer, applicants must be Green Card Holders or US Citizens.
  • Due to the requirements of this federal customer, applicants must be US citizens
  • 2 years of experience within security operations, cyber threat hunting, or content detection development, or supporting cybersecurity operations within a cyber fusion center
  • 2 years of experience recommending mitigation Tactics Techniques and Procedures (TTPs) for identifying malicious logic within the customer's environment
  • 2 years of experience partnering with peer cyber operations teams to understand events and support technical analysis of malicious cyber security incidents
  • 2 years of experience tracking potential threats associated with attempted intrusions, network & host-based attacks, and coordinating incident response efforts with cyber security teams
  • 1 year of experience with malware analysis
  • 1 year of experience with network analysis
  • 1 year of experience understanding CVEs
  • 2 years of experience analyzing system, network, and application logging for attack techniques at all stages of the cyber kill chain
  • 1 year of direct experience working with very large datasets and log analysis tools including but not limited to: Splunk and Tanium
  • 1 year of direct experience with Qualys

Preferred Qualifications

  • 3 years of work experience as a Threat Hunt Analyst
  • 4 years of experience within security operations, cyber threat hunting, or content detection development, or supporting cybersecurity operations within a cyber fusion center
  • 4 years of experience recommending mitigation Tactics Techniques and Procedures (TTPs) for identifying malicious logic within the customer's environment
  • 4 years of experience partnering with peer cyber operations teams to understand events and support technical analysis of malicious cyber security incidents
  • 4 years of experience tracking potential threats associated with attempted intrusions, network & host-based attacks, and coordinating incident response efforts with cyber security teams

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.


Evolver, Inc. is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability or veteran status.


Job Summary

Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 2+ years