EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
A university degree from a nationally recognised/certified university in a technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that are of interest to NCI Agency; that is, at least 4 years of extensive and progressive expertise in the duties related to the function of the post.
Expert level in at least three of the following areas and a high level of experience in several of the other areas:
Cybersecurity threat hunting
MITRE ATT&CK Framework
Security Incidents Event Management products (SIEM) e.g. Splunk
Splunk Processing Language
Network Based Intrusion Detection Systems (NIDS) e.g. SourceFire, Palo Alto Network Threat Prevention
Host Based Intrusion Detection Systems (HIDS)
Sysmon
Full Packet Capture systems e.g. Niksun, RSA/NetWitness
Computer security tools (Vulnerability Assessment, Anti-Virus, Protocol Analysis, Anti-Spyware, etc.)
Proficiency in Intrusion/Incident Detection and Handling
Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications
Industry leading certification in the area of Cybersecurity such as GCFA, GCIA, GNFA
Knowledge and experience in Splunk Enterprise Security suite
A good understanding of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures
Knowledge and experience in threat hunting in corporate/government-level environments
Strong knowledge of malware families and network attack vectors
Experience in the analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), and in deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
Ability to analyze attack vectors against a particular system to determine attack surface
Provide subject matter expertise supporting the end-to-end threat hunting process
Develop hypotheses to be used in a threat hunt
Create security tool content such as searches, reports and dashboards to facilitate threat hunting
Perform in-depth analysis of suspicious activity to deliver conclusions and recommendations
Review and develop logging configurations to enable a comprehensive threat hunting capability
Develop and document threat hunting procedures
Share the results of threat hunts via presentations and technical reports
Full Time