HHS Threat Hunter

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Threat Hunter to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience in threat hunting incident response or SOC operations.
Hands-on experience with enterprise SIEM EDR and network security tools.
Strong understanding of MITRE ATT&CK kill chain analysis and adversary behaviors.
Experience analyzing large-scale security telemetry and logs.
Knowledge of NIST SP 800-61 NIST SP 800-53 and federal incident response requirements.
Strong analytical scripting and technical writing skills.
Active GCED GCTI GCIA or CISSP (preferred).

Duties:

Conduct proactive hypothesis-driven threat hunting to identify advanced persistent threats insider threats and stealthy adversary activity.
Analyze system endpoint network cloud and application telemetry to identify anomalous behaviors.
Develop and refine threat hunting hypotheses based on threat intelligence MITRE ATT&CK techniques and observed trends.
Perform in-depth log analysis using SIEM and security analytics platforms.
Identify analyze and validate Indicators of Compromise (IOCs) and adversary TTPs.
Collaborate with SOC Analysts and Incident Responders to escalate confirmed threats.
Develop and tune detection rules correlation searches and behavioral analytics.
Produce weekly threat hunting reports documenting methodologies findings and recommendations.
Support malware analysis and reverse engineering activities when required.
Integrate threat intelligence feeds from HHS CSIRC CISA and other trusted sources.
Assist in containment eradication and remediation activities during confirmed incidents.
Support incident response playbooks SOP updates and continuous improvement initiatives.
Participate in cyber exercises tabletop exercises and red/purple team engagements.
Maintain documentation for threat hunting workflows tools and techniques.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience in threat hunting incident response or SOC operations.
Hands-on experience with enterprise SIEM EDR and network security tools.
Strong understanding of MITRE ATT&CK kill chain analysis and adversary behaviors.
Experience analyzing large-scale security telemetry and logs.
Knowledge of NIST SP 800-61 NIST SP 800-53 and federal incident response requirements.
Strong analytical scripting and technical writing skills.
Active GCED GCTI GCIA or CISSP (preferred).

Duties:

Conduct proactive hypothesis-driven threat hunting to identify advanced persistent threats insider threats and stealthy adversary activity.
Analyze system endpoint network cloud and application telemetry to identify anomalous behaviors.
Develop and refine threat hunting hypotheses based on threat intelligence MITRE ATT&CK techniques and observed trends.
Perform in-depth log analysis using SIEM and security analytics platforms.
Identify analyze and validate Indicators of Compromise (IOCs) and adversary TTPs.
Collaborate with SOC Analysts and Incident Responders to escalate confirmed threats.
Develop and tune detection rules correlation searches and behavioral analytics.
Produce weekly threat hunting reports documenting methodologies findings and recommendations.
Support malware analysis and reverse engineering activities when required.
Integrate threat intelligence feeds from HHS CSIRC CISA and other trusted sources.
Assist in containment eradication and remediation activities during confirmed incidents.
Support incident response playbooks SOP updates and continuous improvement initiatives.
Participate in cyber exercises tabletop exercises and red/purple team engagements.
Maintain documentation for threat hunting workflows tools and techniques.