Cyber Threat Analyst

Laurel, MD, United States

Description Are you interested in being part of a highly collaborative Cybersecurity Research & Hunt Team?

Are you inquisitive and analytical with deep knowledge in Cybersecurity?

If so, we're looking for someone like you to join our team at APL!

We are ranked as one of Computerworld 's Top Places to Work in IT 5 years running and weare seeking a Cybersecurity Analyst to help us track advanced cyber threats tradecraft, keeping up with an evolving threat landscape, pivoting on and analyzing data to identify malicious behaviors. Perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. Collect evidence to include digital media, logs, and malware to perform analysis associated with cyber intrusions. Maintain an understanding of attack methodologies and use information operationally. Make recommendations and create or modify processes and procedures based on knowledge of advanced threat behaviors. Identify and analyze threats, using OSINT, Threat Intelligence, research, and leveraging enrichment resources.

As a Cybersecurity Hunt Analyst:

Hunt for sophisticated cyber threats by analyzing data to identify malicious behaviors. Perform real-time incident handling, independently following as well as creating procedures to analyze and contain malicious activity. Collaboratively engages with peers to build a combined and comprehensive effort to respond to cyber incidents. Collect evidence across multiple platforms as well as collecting malware to perform analysis associated with cyber intrusions. Maintain current knowledge of threat intelligence and adversarial behaviors to use operationally.

Develops and enhances content and methodologies for hunting, monitoring, and responding to incidents that occur in multiple platforms (on-premises, SaaS, IaaS, IAM). Matures processes, work flows, and documentation. Determines high fidelity behavioral patterns and crafts content in multiple tools.

Participate in project and multi-functional security teams requiring interaction with system administrators, cloud engineers, IAM administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization in order to identify and implement information assurance controls and risk mitigations for IT operations. Provide routine reporting on goals and objectives to management.

Qualifications You meet our minimum qualifications for the job if you...

Bachelor's Degree in Information Security, a security related field, or equivalent experience that provides the knowledge, skills, and abilities to be successful.

7+ years experience working in multi-platform complex network environments.

5+ years experience working in an operational multi-platform cybersecurity environment.

Proficiency with extracting and manipulating data, using scripting languages such as Python, PowerShell, SPL or others.

Possess knowledge of cloud-based threats, cloud IAM exploits, cloud-based privileged escalation, and cloud-based lateral movement.

Have proficient comprehension of IAM authentication anomalies and the means adversaries use to exploit and bypass multi-factor authentication.

Understanding of operating systems normal activities, OS internals, MITRE ATT&CK, and identifying anomalous behaviors.

Experience with Assume Breach methodologies and proficient understanding of attack methodologies of Nation State adversaries, including living off the land and TTPs outlined in MITRE ATT&CK framework.

Experience analyzing data with technologies like Splunk, ELK, Hadoop, Python, or SQL.

Technical experience in some of the following areas: Azure, AWS, SaaS, CAASM, SASE, SSE, IAM, EDR, Suricata, Zeek, Full Packet capture technologies, Firewall, Proxy, and Sandbox technologies.

Experience with memory analysis, host based anomaly detection, and network anomaly detection.

Experience and understanding of Red Team and Threat Emulation exercises.

Are able to obtain a Secret security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You'll go above and beyond our minimum requirements if you...

Master's Degree in Cybersecurity or a related field.

Why work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities athttp://www.jhuapl.edu/careers.

About Us APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.

APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact [email protected]. Only by ensuring that everyone's voice is heard are we empowered to be bold, do great things, and make the world a better place.