Threat Hunt and Forensics Lead
Zeneth is looking for a Senior Cyber Threat Hunter and Forensics Investigator in support of a major federal client, providing analysis to enhance cyber security against threats and potential threats to the customer’s information and information systems; providing relevant technical analysis to assist with mitigating cyber threats and investigating incidents; and supporting evaluation, implementation, and operations of tools/technologies used in advanced analysis. Responsible for the delivery of written and oral briefings to client stakeholders. The ideal candidate is comfortable working independently in tackling disparate challenges in support of the Security Operations Center and other agency customers and leading junior members of the team:
o Performs advanced analysis of adversary tradecraft, malicious code, and Advanced Persistent Threat capabilities
o Analyzes computer, communication, and network security events and exploits to determine security vulnerabilities and recommend remedial actions
o Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents
o Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries
o Develops alert criteria to improve incident response capabilities and contributes to the development, writing, and review of SOPs
o Conducts legally defensible searches of hardware, software, and data in support of internal client investigations
o Provides expert analytic investigative support for large-scale and complex security incidents
o Performs analysis of security incidents and threat actors to further enhance the Detection Catalog and Hunt missions; reviews alerts generated by detection infrastructure for false positives and modifies alerts as needed
o Works closely with cyber threat intelligence to identify indicators of compromise and actor tactics, techniques, and procedures (TTPs).
· Support the Security Operations Center incident response and investigations
· Leverage threat intelligence to assess vulnerability to, and damage done by, malicious cyber actors
· Develop and share actionable threat vectors for use by Security Operations Center to focus efforts and tune monitoring tools
· Maintain a situational awareness of the current security industry and emerging threat landscape.
· Develop and locate appropriate tools to support threat hunting and forensics in the face of advancing cyber technology
· Provide recommendations to senior management on best courses of action as a result of current and emerging Indicators of Compromise (IOCs)
· Partner with security operations teams to provide best-in-class monitoring, response, and reporting for network and computer incidents.
· Construct and exploit open-source and classified threat intelligence to detect, respond to, and defeat advanced persistent threats (APTs)
· Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
· Track cyber threat actors and associated tactics, techniques, and procedures (TTPs)
· Analyze malicious campaigns and evaluate effectiveness of security technologies
· Document best practices with the Security Operations Center staff using available collaboration tools and workspaces
· Work with corporate executive management team to design and build a threat hunt and forensics service offering for other clients
· Lead, manage, and supervise one other analyst in executing threat hunt and forensics responsibilities
· Active Public Trust clearance or eligible for clearance; Secret clearance preferred, but not required
· A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired; Four (4) additional years of general experience (as defined below) may be substituted for the degree
· 3+ years of experience executing the incident handling process from start to finish, including detecting advanced adversaries, log analysis, and malware triage
· Working knowledge of security architectures and devices; cyber threat intelligence consumption and management; root causes of malware infections and proactive mitigation; and lateral movement, footholds, and data exfiltration techniques
· General Experience: 5-7 years of experience in advanced technical analysis with increasing responsibilities. Demonstrated oral and written communication skills
§ Good working knowledge of cyber threat analytics
§ Previous experience working in cross-functional and interdisciplinary project teams to achieve tactical and strategic objectives
§ Proven ability to document and teach team members how to apply advanced analytic techniques to solve complex problems
§ Solid understanding of enterprise IT cybersecurity operational environments
· Five years of experience in network security with a focus on computer forensics, static code reverse engineering, and advanced (packet) network analysis; static code reverse engineering experience can be substituted by experience in similar skill in computer forensics, network analysis, mobile device forensics related to malicious code, network flow analysis, or other similar skill.
· Experience analyzing emerging technologies for potential attack vectors and developing mitigation strategies
· Demonstrated expertise in operating open source network security monitoring and assessment tools
· Knowledge of working with and applying the ODNI and/or the ATT&CK framework
· Familiar with standard security best practices
· Individual must interact extensively with all levels of management, business and IT, and is required to act in a professional and confident manner
· Self-motivator possessing a high sense of urgency and a high level of integrity.
· Strong customer service skills to deliver quality results
· Able to work well under pressure and within short time constraints
· Excellent documentation, communication, and interpersonal skills combined with analytical and problem-solving abilities
· Willingness to work onsite with client in downtown D.C. (Metro accessible)
· Ability to manage and balance own time among multiple tasks and operate with little direction.
· At least one active security certification. Desired Certifications:
· GIAC Certified Incident Handler (GCIH)
· GIAC Certified Forensics Analyst (GCFA)
· GIAC Certified Forensics Examiner (GCFE)
· Certified Ethical Hacker (CEH)
Zeneth is an Equal Opportunity Employer (EOE); qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.