IT - Security
Arlington, VA (On-Site/Office)
Tyto Athene is searching for a Lead Cyber Threat Hunter to support our customer in Arlington, Virginia.
Responsibilities:
* Actively hunt for Indicators of Compromise (IOC) and threat actor Tactics, Techniques, and Procedures (TTP) in the network and the host as necessary
* Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
* Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate teams
* Collaborate with the SOC and Threat Analysts to contain and investigate major incidents
* Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
* Work with leadership and the engineering team to improve and expand available toolsets
* Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
* Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
Required:
* Bachelor's degree in Computer Science, Information Technology, or a related field and 8 years of relevant experience, or a Master's degree and 4 years
* Experience with securing and hardening IT infrastructure
* Demonstrated or advanced experience with computer networking and operating systems
* Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses
* Demonstrated proficiency with regular expressions and scripting languages, including Python or PowerShell
* Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack
* Experience with network hunting, including Bro Logs, DNS, Netflow, PCAP, or firewalls and proxies
* Knowledge of Windows and Linux operating systems and their command lines
* Ability to analyze malware, extract indicators, and create signatures in Yara and Snort
* Strong analytical skills and the ability to effectively research, write, communicate, and brief audiences at varying levels, including executives
* Knowledge related to the current state of cyber adversary tactics and trends
* Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building
* Knowledge of the TCP/IP networking stack and network IDS technologies
Desired:
* Previous experience working as a cyber threat hunter
* Experience with operational security, including security operations centers (SOC), incident response, digital forensics, and malware analysis
* Experience with major cloud service provider offerings
* Knowledge of offensive security tools and techniques
Clearance: Active Secret clearance required
Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
After several strategic acquisitions in 2021, Tyto Athene has experienced enormous opportunity and growth. Aside from being the leading provider of mission-focused IT and Cyber services and solutions to critical U.S. government agencies, Tyto is well-positioned to meet the growing demand for network modernization requirements across the federal enterprise.
Our employees are the key to the innovation that has made Tyto a success. We provide an environment that is geared to reward potential, innovation, and teamwork. If you would like to unleash your creativity and your career -- it's time to join Team Tyto!
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled