Fusion Detection Specialist
Job Description
Threat Detection Specialist
Charleston, SC
Minimum Secret Clearance required with upgrade to TS-SCI
As a Threat Detection Specialist, you will be responsible for the creation, development, and evolution of detection logic. You will work closely with the SOC floor to help improve the performance and efficacy of detection logic. You will research TTPs and the threat landscape and translate that research into high-quality custom detections.
Position Responsibilities and Duties:
• Use network- and host-based data to drive detection, monitoring, and response capabilities
• Create detection analytics based on the MITRE ATT&CK Framework and other security frameworks
• Perform unique research on adversarial Tools, Techniques, and Procedures (TTPs)
• Overtime may be required as needed to support incident response actions (Surge)
• Up to 15% Travel may be required
Qualifications:
• US Citizen
• At least 3 years of experience performing Incident Response, Forensics, Malware Analysis, or Penetration Testing
• At least 3 years of experience performing analysis or threat hunting with Windows Event logs, Sysmon, and/or Linux logs
• At least 3 years of experience using a Log Aggregator
Preferred Qualifications:
• At least 3 years of experience with performing analysis, threat hunting, or building detection in Splunk
• At least 3 years of experience threat hunting or performing Incident Response in an EDR
• Strong written and verbal communication skills
• Strong understanding of network level protocols
• Low-level operating system understanding (Windows/Linux internals)
• Ability to perform basic static Malware Analysis
Required Certifications:
• DoD 8570 and CNDSP IR compliant certifications
Travel may be required to CONUS and OCONUS locations for incident response and other program needs.
Date Posted
04/03/2024