The position is onsite in Springfield, VA and requires an active TS/SCI for consideration. A CI polygraph is also required within 12 months.

A Cyber Threat Hunter is part of a team of skilled Cybersecurity professionals that support the design, build, and sustainment of the Cyber-Security Operation Center (CSOC) within the organization. Hunt Team Members interact daily and provide support to the overall CSOC through a wide variety of industry leading capabilities and data sets to include Endpoint Telemetry data, Live Network Packet Capture, IDS/IPS, Security Orchestration, Automation, and Response (SOAR), Cyber Threat Emulation (CTE), and Data Analytics Platforms.

What You'll Get to Do:

• Perform proactive detection of advanced threat actors within the network
• Uncover visibility gaps, while working with the network monitoring and advanced analytics teams to improve detection capabilities and security controls
• Research new security topics (mostly based on MITRE ATT&CK Framework), develop and test your hypotheses, and share your knowledge and findings with teammates as well as management
• Responsible for creating detailed reports on Hunt mission findings for the customer
• Responsible for developing and maintaining standard processes and operating procedures, creating technical architecture diagrams and system build documentation

You'll Bring These Qualifications:

• Bachelor's Degree in a Technical field (i.e. Information Technology, Information Systems,
  Computer Science)
• 4+ years of experience within a Cyber Security Operation Center or as an Intelligence Officer
• 2+ years' experience supporting security incidents response activities
• Solid understanding of threat actors, threat campaigns, malware analysis, and/or DFIR while keeping up to date on the latest innovation in cybersecurity
• Ability to brief Sr. Leadership to include SOC Director's, CISO's or Agency Director
• Solid writing skills and ability to create threat diagrams as needed
• DoD 8140.01 and DoD 8570.01-M.IAT Level III Certification
• Experience utilizing SIEM or Data Analytics capability (e.g. ELK, ArcSight, or Splunk)
• Experience utilizing endpoint security technologies (e.g. CarbonBlack, Endgame, or FireEye HX)
• Understanding of the MITRE ATT&CK framework and deep understanding of the tactics,
  techniques and procedures within the ATT&CK framework
• Multi-tasker who is able to work effectively on a team, as well as independently, with minimal supervision

These Qualifications Would be Nice to Have:

• Master's Degree in a Technical field, Political Science, Business Intelligence, Data Science, or Intelligence Analysis
• Strong understanding of Indicators of Compromise (IOC) (e.g. YARA, STIX)
• Experiences with Maltego, Analyst Notebook, or Analyst Platform
• Scripting skills (BASH, Python, PowerShell)
• Desirable certifications include, but not limited to: CISSP, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, or equivalent Certifications