Threat Hunting Specialist/Engineer

Favor TechConsulting · Washington DC

Company

Favor TechConsulting

Location

Washington DC

Type

Full Time

Job Description

Location: Other/Client Site - USSS Headquarters, 950 H Street NW, Washington, D.C. 20223 and other facilities located within the Washington D.C. Metropolitan area. Largely remote during COVID.

Department: DHS - USSS Threat Hunting Operation Center and Data Engineering Services

Type: Full Time

Minimum Experience: Experienced

Security Clearance Level Required: DHS Suitability Required

*The clearance level stated above must be met for consideration for this specific opportunity. Unfortunately, FTC is unable to sponsor at this time.

Military Veterans and individuals with disabilities are encouraged to apply!


Favor TechConsulting, LLC (FTC) is seeking a talented Threat Hunting Specialist/Engineer with government experience.

Essential Duties & Responsibilities

Role Overview: Proactively assess data collected from a variety of cyber defense tools (e.g., IPS alerts, firewall logs, network traffic logs, host-based security logs) and analyze the events occurring within the environment for the purpose of identifying and mitigating threats.

Responsibilities:

  • Actively hunt for Indicators of Compromise (IOCs) and APT Tactics, Techniques, and Procedures (TTPs) on the network and on hosts using a variety of tools, including but not limited to Splunk, Azure Sentinel, PowerBI and M365 Defender
  • Research new threats as they emerge and publish internal Threat Briefs with the latest IOCs and emerging tactics being used by threat actors
  • Analyze threat actor activity, identify intrusions, create detections, and track campaigns
  • Create reports and presentations on research and findings
  • Share knowledge with members of the Security Operations Center (SOC) and Cyber Security teams
  • Analyze collected data to determine trends in the security environment of the organization
  • Participate in monthly DHS SOC working group meetings
  • Leverage the enterprise SIEM and other monitoring tools to provide security monitoring and perform proactive threat hunting across the organization's systems
  • Leverage threat intelligence and open-source cybersecurity outlets in support of THOC operations
  • Leverage ServiceNow ticketing systems to manage security related events/incidents
  • Develop and brief SOC threat hunting specific status reports at Information Technology Cyber Security Program (ITCSP) weekly staff meetings.
  • Develop and maintain THOC threat hunting standard operating procedures (SOP)
  • Work with Cybersecurity and other IT support teams as needed in support of incident response
  • Leverage the Security Orchestration, Automation and Response (SOAR) tool in support of incident handling, developing and implementing new workflows as needed
  • Escalate threat and IOC details to the Cybersecurity team as needed to implement additional security controls to mitigate threats
  • Interface as needed with DHS SOC and SOCs of other agencies or companies.
  • Provide threat hunting status reports to stakeholders to incorporate in SOC level reports
  • Support ITCSP in efforts related to advancing the maturity level of the threat hunting capabilities of the SOC based upon the DHS defined Maturity Model
  • Support annual self-assessment of threat hunting capabilities against the DHS Cybersecurity Services Program (CSP) maturity model, collaborating with the SOC in developing and providing a state of the SOC out brief to ITCSP leadership
  • Support threat hunting aspects of formal DHS CSP assessments when scheduled by DHS
  • Support threat hunting aspects of Cybersecurity and/or SOC related tabletop exercises
  • Perform problem management to identify trending incidents, conduct root-cause analysis, develop solutions and workarounds, escalate incidents in accordance with the Service Level Objective (SLO), and record known problems, solutions, and workarounds in the CMDB

Required Skills & Experience

  • Demonstrated proficiency with M365 Defender and Azure Sentinel
  • Demonstrated experience leveraging SIEM and other tools to identify threat activity and incidents
  • Demonstrated experience in delivering effective written and verbal communication and collaboration skills
  • Demonstrated experience providing Security Operations Center (SOC) support services with the accuracy needed for effective resolution and documentation
  • Demonstrated experience in supporting multiple cybersecurity incidents simultaneously
  • Demonstrated experience in adapting easily to learning new technologies
  • Demonstrated ability to follow written and verbal instructions
  • Demonstrated experience with problem solving new incidents without knowledgebase articles
  • Demonstrated experience with creating and editing standard operating procedure (SOP) and incident reports
  • Able to perform shift work within the following overlapping schedule:

Shift 1: Mon-Fri 0600-1400

Shift 2: Mon-Fri 1200-2000

Professional Certification(s):

At least one of the following or equivalent IT certifications: Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC), Security+

Formal Education:

N/A

Years of Professional Experience:

A minimum of 3 years direct experience providing Security Operations Center (SOC) services, including performing log and event review and incident response


Desired Skills & Experience

Professional Certification(s):

CEH, GSEC

Formal Education:

BS in Information Technology or related discipline

Years of Professional Experience:

N/A


Required Technical/Business Tools Experience

  • Azure Sentinel
  • M365 Defender

Physical Requirements

  • U.S. Citizenship, No dual citizenship
  • DHS EOD Eligibility

Date Posted

01/26/2023
