Cyber Threat Hunter SME

Arlington, VA, United States

Gray Tier Technologies is looking for a Cyber Threat Hunter SME to support The Department of Homeland Security (DHS) Hunt and Incident Response Team (HIRT). DHS HIRT secures the Nation's cyber and communications infrastructure. HIRT provides DHS's front-line response for cyber incidents and proactively hunting for malicious cyber activity. Gray Tier Technologies performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches. Gray Tier provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. This role provides remote and onsite advanced technical assistance for proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity.  We are seeking a Threat Hunters to support this critical customer mission.

RESPONSIBILITIES:

Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations

Collects network intrusion artifacts (e.g., PCAP, domains, URI's, certificates, etc.) and uses discovered data to enable mitigation of potential incidents

Collects network device integrity data and analyze for signs of tampering or compromise

Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information

Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports

Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer related evidence

Serving as technical forensics liaison to stakeholders and explaining investigation details

REQUIRED SKILLS:

U.S. Citizenship

Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability

8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools

Experience with reconstructing a malicious attack or activity

Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata

Ability to create forensically sound duplicates of evidence (forensic images)

Able to write cyber investigative reports documenting forensics findings

In depth knowledge and experience of:

identifying different classes and characterization of attacks and attack stages

CND policies, procedures and regulations

proactive analysis of systems and networks, to include creating trust levels of critical resources

system and application security threats and vulnerabilities

of network topologies, Wi-Fi Networking, and TCP/IP protocols

Splunk (or other SIEMs)

Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame

MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)

Must be able to work collaboratively across physical locations.

DESIRED SKILLS:

Experience and proficiency with the following tools and techniques:

EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort

EDR Tools: Crowdstrike, Carbon Black, Etc

Carving and extracting information from PCAP data

Non-traditional network traffic: Command and Control

Preserving evidence integrity according to national standards

Designing cyber security systems and environments in a Linux environment

Virtualized environments

Conducting all-source research

REQUIRED EDUCATION:

8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience

DESIRED CERTIFICATIONS:

GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Requires expert or mastery level knowledge of work area, typically obtained through advanced education combined with experience.

May have deep knowledge of project management. Advanced knowledge of related disciplines within work area and ability to identify links and potential impact on projects, programs or systems.

TYPICALLY REQUIRES:

A University Degree or equivalent experience and minimum 10 years prior relevant experience, or An Advanced Degree in a related field and minimum 7 years experience Engineering/Other Technical Positions: Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and a minimum of 10 years of prior relevant experience unless prohibited by local laws/regulations.