Threat Hunt Analyst with Security Clearance - San Francisco, United States - Gray Tier LLC
Gray Tier LLC
San Francisco, United States
Description
Primary Responsibilities:
The ideal Cyber Threat Hunter is someone who is process driven, curious, and enjoys identifying patterns and anomalies in data that are not immediately obvious.
The Cyber Threat Hunter will:
- Create threat models to better understand the CBP IT Enterprise, identify defensive gaps, and prioritize mitigations
- Author, update, and maintain SOPs, playbooks, and work instructions
- Use threat intelligence and threat models to create threat hypotheses
- Plan and scope threat hunt missions to verify threat hypotheses
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze host, network, and application logs, as well as malware and code
- Prepare and report risk analysis and threat findings to the appropriate stakeholders
- Create, recommend, and assist with the development of new security content resulting from hunt missions, including signatures, alerts, workflows, and automation
- Coordinate with other teams to improve threat detection and response and the overall security posture of the Enterprise
Basic Qualifications:
The ideal candidate will have the following qualifications:
- Expertise in network- and host-based analysis and investigation
- Demonstrated experience planning and executing threat hunt missions
- Understanding of complex enterprise networks, including routing, switching, firewalls, proxies, and load balancers
- Working knowledge of common networking protocols (HTTP, DNS, SMB, etc.)
- Familiarity with the operation of both Windows- and Linux-based systems
- Proficiency with scripting languages such as Python or PowerShell
- Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
- The candidate must currently possess a Top Secret Clearance. In addition to the clearance requirement, all CBP personnel must have a current 5-year background investigation (BI) or be able to favorably pass one.
- Should have 2 years of experience serving as a SOC Analyst or Incident Responder
- Ability to work independently with minimal direction; self-starter/self-motivated