Cyber Defense Threat Hunter

Z Federal


Job Location:

Washington - USA

Monthly Salary: $ 107000 - 121000
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Cyber Defense Threat Hunter

Z FEDERAL is seeking a Mid-level Cyber Defense Incident Responder to work in our Washington, DC office. The position is full time and will support a US Government civilian agency. This position requires an Active Top Secret Clearance and 10 years of relevant work experience.

Job Requirements:

  • Identify threat tactics, methodologies, gaps and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
  • Perform hypothesis-based or intelligence-based cyber threat hunts to identify threats and risks within environments.
  • Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
  • Use Agile methodology to organize intelligence hunts and project status.
  • Be able to independently research intelligence reports to find actionable data for conducting intelligence- or hypothesis-based hunts.
  • Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
  • Conduct analysis of log files, evidence and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion.
  • Confirm what is known about an intrusion and, where possible, discover new information after identifying the intrusion via dynamic analysis.
  • Create a forensically sound duplicate of the evidence (i.e. a forensic image) that ensures the original evidence is not unintentionally modified, for use in data recovery and analysis processes.
  • Provide a technical summary of findings in accordance with established reporting procedures.
  • Ensure that chain of custody is followed for all digital media acquired, in accordance with the Federal Rules of Evidence.
  • Recognize and accurately report forensic artifacts indicative of a particular operating system.
  • Extract data using data carving techniques (e.g. Forensic Tool Kit (FTK), Foremost).
  • Collect and analyze intrusion artifacts (e.g. source code, malware and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Salary Range: $107000 - $121000, dependent upon qualifications and experience

Required Skills

  • Bachelor's degree or higher

  • 10 years performing cyber threat hunting and forensics support for incident response.

  • Certifications addressing: identification of malicious system and user activity; incident response in an enterprise environment; timeline artifact analysis, timeline collection and timeline processing; volatile data collection; analysis and profiling of systems and devices; analysis of file and program activity; acquisition, preparation and preservation of digital evidence; analysis of user communications; advanced IDS concepts; application protocols; concepts of TCP/IP and the link layer; DNS; fragmentation; IDS fundamentals and initial deployment (e.g. snort, bro); IDS rules (e.g. snort, bro); IPv6; network architecture and event correlation; network traffic analysis and forensics; or packet engineering

  • 5 years of experience in digital forensics and incident response and threat hunt activities;

  • Core competencies in Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration and Threat Analysis;

  • All access to classified information will be within government controlled secure facilities.

Active Secret clearance

Desired Skills

  • Proficiency with at least one of Python, PowerShell or bash

  • Extensive experience and proficiency in using query languages used in popular SIEM products (Splunk).

  • Experience producing finished intelligence content on threat actors and attacker techniques, including written reports, presentations and visuals covering attribution, threat detection and hunting guidance, and remediation recommendations.

  • Experience conducting non-attributable research and conducting research using the deep web.

  • Preserve evidence integrity according to standard operating procedures or national standards.

  • Ability to analyze memory dumps to extract information.

  • Skill in identifying and extracting data of forensic interest in diverse media (i.e. media forensics).

Z FEDERAL offers:

  • Self-directed 401K and annual company match
  • Up to four weeks of paid time off (PTO)
  • 11 paid federal holidays
  • Other forms of leave, such as bereavement, jury duty and military leave
  • Full Health Benefits: Medical and Vision, Dental (employee-paid)
  • Life Insurance
  • Short and Long Term Disability, AD&D Insurance
  • Flexible Spending Account (Medical and Dependent Care)
  • Performance-based bonuses
  • Tuition Reimbursement
  • Incentive and referral bonuses
  • Commuter benefits
  • Professional Development and Training
  • Years of Service Reward and Recognition Program

Z FEDERAL's commitment to employee growth and development is proven and valued by our staff. We want our employees to excel, grow professionally and take on increasingly responsible roles.


About Company


MISSION FOCUSED. TRUSTED ADVISOR. INNOVATIVE SOLUTIONS.
