Threat Hunt Analyst with Security Clearance - San Francisco, United States - Gray Tier LLC

    Gray Tier LLC
    San Francisco, United States

    2 weeks ago

    Permanent Technology / Internet
    Description

    Primary Responsibilities:

    The ideal Cyber Threat Hunter is someone who is process driven, curious, and enjoys identifying patterns and anomalies in data that are not immediately obvious.


    The Cyber Threat Hunter will:

    • Create Threat Models to better understand the CBP IT Enterprise, identify defensive gaps, and prioritize mitigations
    • Author, update, and maintain SOPs, playbooks, work instructions
    • Utilize Threat Intelligence and Threat Models to create threat hypotheses
    • Plan and scope Threat Hunt Missions to verify threat hypotheses
    • Proactively and iteratively search through systems and networks to detect advanced threats
    • Analyze host, network, and application logs in addition to malware and code
    • Prepare and report risk analysis and threat findings to appropriate stakeholders
    • Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation
    • Coordinate with different teams to improve threat detection and response, and to improve the overall security posture of the Enterprise

    Basic Qualifications:

    The ideal candidate will have the following qualifications:

    • Expertise in network- and host-based analysis and investigation
    • Demonstrated experience planning and executing threat hunt missions
    • Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
    • Working knowledge of common networking protocols (HTTP, DNS, SMB, etc.)
    • Familiar with operation of both Windows and Linux based systems
    • Proficient with scripting languages such as Python or PowerShell
    • Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
    • The candidate must currently possess a Top Secret Clearance. In addition to the clearance requirement, all CBP personnel must have a current 5-year background investigation (BI), or be able to favorably pass one.
    • Should have 2 years of experience serving as a SOC Analyst or Incident Responder
    • Ability to work independently with minimal direction; self-starter/self-motivated