JOB DESCRIPTION:
• SAIC is currently seeking candidates for a Sr. Cyber Security Threat Hunter - Tier II SOC Analyst, supporting one of our federal customers in Vienna, VA.
• This is an exciting opportunity to be part of a key team of cyber security professionals here at SAIC, supporting full life cycle cyber security operations for our customer.
• We are seeking an individual that can bring security analysis and incident response experience to support daily operations and help grow and mature our current SOC environment.
• As a Cyber Threat Hunter you will be responsible for participating in threat actor based investigations, creating new detection methodologies, and provided expert support to incident response and monitoring functions.
• The focus of the Threat Hunter is to detect, disrupt and the eradication of threat actors from enterprise networks.
• To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
• You will also directly support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response.
Responsibilities:
• General SIEM monitoring, analysis, content development, and maintenance.
• Research, analysis, and response for alerts; including log retrieval and documentation.
• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.
• Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.
• Track threat actors and associated tactics, techniques, and procedures (TTPs).
• Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors.
• Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs.
• Analyze malicious campaigns and evaluate effectiveness of security technologies.
• Develop advanced queries and alerts to detect adversary actions.
• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting- edge security technologies.
• Design and build custom tools for investigations, hunting, and research.
• Assist in the design, evaluation, and implementation of new security technologies.
• Lead response and investigation efforts into advanced/targeted attacks.
• Hunt for and identify threat actor groups and their techniques, tools and processes.
• Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses.
• Provide expert analytic investigative support of large scale and complex security incidents.
• Perform Root Cause Analysis of security incidents for further enhancement of alert catalog.
• Continuously improve processes for use across multiple detection sets for more efficient Security Operations.
• Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
• Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
• Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors.
• A passion for research, and uncovering the unknown about internet threats and threat actors.
• Ensure the SOC analyst team is providing excellent customer service and support.