Cyber Threat Hunter

Leidos is seeking a highly motivated and experiencedCyber Threat Hunterto join our DHS NOSC Cyber Team. This role supports the Department of Homeland Securitys mission to protect its enterprise-wide information systems from cyber threats through proactive monitoring intrusion detection and security services.

The ideal candidate is process-driven inquisitive and skilled at identifying patterns and anomalies in complex datasets.

About DHS NOSC

TheNetwork Operations Security Center (NOSC)is a U.S. Government program responsible for preventing identifying containing and eradicating cyber threats across DHS networks. NOSC provides monitoring intrusion detection and protective services for DHS information systems including:

• LAN/WAN infrastructure

• Public-facing websites

• Wireless and mobile/cellular networks

• Cloud environments

• Security devices servers and workstations

NOSC oversees the overall security of DHS enterprise systems and investigates and reports suspected or confirmed security violations.

Primary Responsibilities

• Develop threat models to assess the DHS IT enterprise identify defensive gaps and prioritize mitigations

• Author update and maintain SOPs playbooks and work instructions

• Use threat intelligence and models to formulate threat hypotheses

• Plan and execute threat hunt missions to validate hypotheses

• Proactively search systems and networks for advanced threats

• Analyze host network and application logs malware and code

• Prepare and present risk analyses and threat findings to stakeholders

• Recommend and assist in developing new security content (e.g. signatures alerts workflows automation)

• Collaborate across teams to enhance threat detection response and overall security posture

Basic Qualifications

• ActiveTS/SCI clearance; must also obtain a favorable Entry on Duty (EOD) determination from DHS HQ

• Bachelors degree in IT Cybersecurity Computer Science Information Systems Data Science or Software Engineering from an ABET or NCAE-C designated institution

• Minimum12-15 yearsof relevant experience (SOC Analyst Incident Responder)

  • A bachelors degree may substitute for up to 1 year of experience

  • A masters degree may substitute for up to 2 years of experience

• At leasttwo certificationsfrom the following: Security PenTest Cloud GSEC CEH CCE CFR CySA GCFA GCIA GCIH GDSA GICSP

• Strong ability to work independently; self-starter and self-motivated

• Must be aU.S. Citizen

Preferred Qualifications

• Expertise in network and host-based analysis and investigation

• Experience planning and executing threat hunt missions

• Understanding of enterprise network architecture (routing switching firewalls proxies load balancers)

• Completion of military cyber training courses: 4-11-C32-255S (CP) 4C-255N (CP) or 4C-255A (CP)

• Working knowledge of networking protocols (HTTP DNS SMB etc.)

• Familiarity with Windows and Linux operating systems

• Proficiency in scripting languages (Python PowerShell)

• Experience with Splunk SPL and/or Elastic DSL

• Proven ability to triage and respond to APT activities

• Experience with cloud and container platforms (AWS Azure O365 etc.)

• Deep understanding of the cyber threat landscape and adversary tactics

• Prior experience on a federal government threat hunt team especially DHS or DoD