
SANS ISC: InfoSec Jobs

DFIR & Threat Hunting Analyst

Company: The Aerospace Corp.
Location: Chantilly, VA
Preferred GIAC Certifications: GCIH, GPEN, GCFA
Travel: 10%
Salary: 130,000-180,000
URL: https://career8.successfactors.com/sfcareer/jobreqcareer?jobId=47030&company=C0000161227P&username=
Contact Name: Caitlin Donnelly
Contact Email: caitlin.donnelly/at/aero.org
Expires: 2020-02-08

Job Description

Responsibilities
The Aerospace Corporation’s Cyber Assessment and Research Department (CARD) is looking for a qualified candidate to grow its capabilities in the areas of Digital Forensics & Incident Response (DFIR) and Threat Hunting. As a staff member, you will use your skills to help Aerospace’s federal and civil customers design methods to identify, protect against, and detect network-based threats. Engineers and analysts with a strong understanding of how cyber threats are identified and the ability to manipulate data in creative ways are encouraged to apply.

This job role is available for Aerospace’s Chantilly, VA campus.

Key Functions
• Contribute to network assessments by analyzing collected logs and packet captures, assessing the computer network defense (CND) posture of target networks, and time-lining intrusions through the evaluation of compromised systems
• Improvise and mature threat hunting concepts for unique mission networks built in a variety of environments, including those with legacy operating systems, modern Windows/*NIX-based networks, or cloud platforms
• Prototype and develop applications to improve the quality of security assessments and introduce novel threat hunting techniques
• Utilize big data/machine-learning techniques to quickly assess large datasets for anomalous activity
• Inform the early stages of incident response actions and preserve the forensic value of data and affected systems

This position is available as a DFIR & Threat Hunting Analyst or a Sr. DFIR & Threat Hunting Analyst.

Qualifications
Required Qualifications for DFIR & Threat Hunting Analyst
• Bachelor of Science or graduate degree in Computer Science, Computer Engineering, Cybersecurity, Electrical Engineering, Data Science, Mathematics, or a related field
• 8 or more years of professional IT security experience, or 5+ years of experience with a graduate degree
• 2 or more years of experience in the digital forensics, incident response, and/or threat hunting domains
• Ability to obtain and maintain a security clearance issued by the U.S. government; U.S. citizenship is required to obtain a security clearance
• Strong written and verbal communication skills
• Understanding of how traffic flows across a network and the relationship between risk and the usage of network protocols
• Knowledge of computer networking security technologies, including firewalls, centralized log collection and analysis, intrusion detection/prevention systems, endpoint security solutions, and security information and event management (SIEM) frameworks
• Extensive experience building detection methods against new and advanced Tactics, Techniques, and Procedures
• Proficiency in 2 of the following languages: C, Java, C++, Python, Bash, Ruby, JavaScript

Required Qualifications for Sr. DFIR & Threat Hunting Analyst
• All qualifications above for Project Leader
• Experience using multiple SIEM platforms for Security Information and Event Management (Splunk, LogRhythm, QRadar, ELK stack and variants)
• Knowledge and strategic implementation of a threat hunting maturity model
• 12 or more years of professional IT security experience, or 8 or more years of experience with a graduate degree
• 5+ years of experience in the digital forensics, incident response, and/or threat hunting domains

Preferred
• Active Top Secret/SCI Security Clearance
• Certifications such as GIAC GCIH/GPEN/GCFA/GCNA/GCTI/GSE, Certified Ethical Hacker (CEH), OSCP, CompTIA Security+, CISSP
• Knowledge of security requirements and best practices (NIST SP, DISA STIGs, Center for Internet Security (CIS))
• Experience with cloud platforms & technologies including AWS, Azure, Kubernetes, Docker, and Jenkins
• Familiarity with machine-learning concepts and technologies like TensorFlow to quickly profile large datasets