Lead Cyber Threat Hunter - Tyto Athene, LLC : Job Details

Tyto Athene is searching for a Lead Cyber Threat Hunter to support our customer in Arlington, Virginia.

Responsibilities:

• Actively hunt for Indicators of Compromise (IOC) and threat actor Tactics, Techniques, and Procedures (TTP) in the network and the host as necessary
• Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
• Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate teams
• Collaborate with the SOC and Threat Analysts to contain and investigate major incidents
• Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
• Work with leadership and the engineering team to improve and expand available toolsets
• Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
• Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.

Required:

• Bachelor's degree in Computer Science, Information Technology, or related field and 8 years of relevant experience or a Masters degree and 4 years
• Experience with securing and hardening IT infrastructure
• Demonstrated or advanced experience with computer networking and operating systems
• Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses
• Demonstrated proficiency with regular expression and scripting languages, including Python or PowerShell
• Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or AWS Stack
• Experience with network hunting, including Bro Logs, DNS, Netflow, PCAP, or firewalls and proxies
• Knowledge of Windows and Linux OS' and command line
• Ability to analyze malware, extract indicators, and create signatures in Yara and Snort
• Strong analytical skills and the ability to effectively research, write, communicate and brief varying levels of audiences to include at the executive level
• Knowledge related to the current state of cyber adversary tactics and trends
• Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building
• Knowledge of the TCP/IP networking stack and network IDS technologies

Desired:

• Previous experience working as a cyber threat hunter
• Experience with operational security, including security operations centers (SOC), incident response, digital forensics, and malware analysis
• Experience with major cloud service provider offerings
• Knowledge of offensive security tools and techniques

Clearance: Active Secret clearance required

Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.

Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.