Full Time Employee Contractor
We’re currently looking to hire a Team Lead for a Threat Intelligence/Hunt Operations Cell supporting a high profile customer! You'll be working with some of our nation’s best to solve challenging security
problems and identify sophisticated adversaries in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. The Analysis Cell evaluates threats to
the environment and is responsible for enabling an intelligence driven defense that detects potentially malicious events occurring within our customer enterprise networks.
A successful candidate will have working experience with security monitoring tools and have the ability to work closely with other cells supporting the customer’s CND mission. This position requires a high
aptitude in Information Security technologies, the supporting infrastructure, an understanding of cyber espionage groups and their TTPs, as well as the many aspects involved with Threat Intelligence sharing. In addition the candidate should have the ability to proactively hunt to identify advanced security incidents. In this role, you will be rewarded with a wide variety of technologies to master along with a closely-knit, enthusiastic team that consistently is recognized as some of the top performers on the project! The candidate will also support our engineering team and fellow security analysts by providing expert analysis and insight into attack campaigns and threats to better inform engineering and network defense decisions.
- A bachelor’s degree in computer engineering, computer science, cyber security, or other closely related IT discipline.
- Proven ability to lead technical, highly performing teams.
- Strong analytical and problem solving skills.
- Minimum of five (5) years of progressively responsible experience in cyber security analysis, incident response, or related experience.
- Good interpersonal, organizational, writing, communications and briefing skills.
- 8570-compliant IAT Level I or CND-A
(U) DESIRED Qualifications:
- Previous experience as Cyber Threat Researcher or Cyber Intelligence Analyst.
- Research experience in tracking cyber threat and malware campaign activity
- Tool agnostic ability to conduct preliminary malware analysis.
- Ability to create, modify, and implement both Snort and YARA signatures.
- Prior experience in network forensics with an emphasis on detecting malicious activity using network traffic
- Strong understanding of Operating Systems and Network Protocols
- Strong scripting and task automation skills
- Experience doing dynamic malware analysis
* If the candidate meets all of the qualifications, skills and experience for this labor category, but lacks a bachelor’s degree, then eight to ten (8 to 10) years of relevant work experience may be
substituted for a bachelor’s degree.
Specific tasks may include but are not limited to the following:
• Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
• Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
• Piece together intrusion campaigns, threat actors, and nation-state organizations
• Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the
• Develop and produce reports on all activities and incidents to help maintain day to day status, develop and report on trends, and provide focus and situational awareness on all issues.
• Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
• Notify the management team of significant changes in the security threat against the government networks in a timely manner and in writing via established reporting methods.
• Coordinate with appropriate organizations within the intelligence community regarding possible security incidents.
• Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
• Develop and utilize “Case Management” process for incident and resolution tracking.
To apply for this job, contact: