Job Details
Our client is looking for a Security Consultant (DFIR) to join their team at a well known cybersecurity firm.
In this role you will perform incident response and threat hunting tasks. You will work with various security solutions, including SIEM, EDR, UEBA, and SOAR. This is a heavy Linux/CentOS environment, so Linux experience is required. Familiarity with the MITRE ATT&CK framework and consulting experience are a plus.
This is a hybrid role in Springfield, VA.
Candidates must be U.S. Citizens, must hold an active TS clearance, and must be willing to obtain an SCI clearance.
Responsibilities:
25% Threat Hunting
- Develop and enhance threat hunting methodologies and hypotheses
- Implement, validate and normalize threat data collection sources
- Improve and enhance threat hunting maturity levels
- Enhance SIEM threat hunting capabilities
- Participate in hunt missions using Threat Hunting Platforms to identify, detect and investigate threats on the enterprise network and/or cloud networks
- Participate in hunting missions using searching techniques to identify, detect and investigate threats on the enterprise network and/or cloud networks
- Participate in hunting missions using searching or clustering techniques to identify, detect and investigate threat actors and advanced adversaries on the enterprise network and/or cloud networks
- Apply attack vectors from the MITRE ATT&CK framework
- Perform OSINT collection and threat profile analysis
- Research threat actor capabilities
- Track current trends and the threat landscape
- Build and manage threat research and sharing relationships with sector-based Information Sharing and Analysis Centers (ISACs)
- Participate in incident response as a member of the CSIRT
20% Incident Response
- Respond to incidents involving malware
- Respond to network-based attacks
- Monitor system events, log files and alerts
- Perform incident detection
- Program and write scripts
20% Security Engineering
- Perform infrastructure and cloud security design
- Install, maintain, and patch security products
- Monitor system events, log files and alerts
- Evaluate new security products and solutions
- Interact with cloud-based platforms
20% Security Operations
- Harden systems for cyber resilience
- Research new threats, attack techniques and methods
- Participate in business continuity and disaster planning
15% Threat Intel
- Collect, review, analyze, process and enrich open source and/or commercial threat datasets
- Create and deliver technical alerts, reports, and vulnerability notifications
- Gather and record key indicators and information about threat campaigns and infrastructure
- Prepare assessments and cyber threat profiles of current events based on collection, research and analysis of open source information
- Provide intelligence support during incident response and forensic security investigations
- Process and enrich information to ensure timely, actionable, high-confidence IOCs are ingested and shareable
- Conduct technical analysis based upon industry accepted threat intelligence analytical frameworks, tools, and standards
- Develop and maintain threat profiles and the associated tactics, techniques, and procedures used to infiltrate computer networks
- Apply technical knowledge of security architectures, tools and controls to proactively detect, mitigate, and resolve advanced cyberattacks and/or threats
Requirements:
- Must hold an active TS clearance and be willing to obtain an SCI clearance.
- 5+ years of experience in incident response and threat hunting.
- Hands-on experience with security solutions including SIEM, EDR, UEBA, and SOAR.
- Must have extensive command line experience with Linux.
Why CyberSN?
CyberSN is the Cybersecurity Jobs and Career Marketplace. From online matching to full-service recruitment, CyberSN provides professionals and hiring teams with the expertise, information, tools, connections, and services they need to maximize career success, job satisfaction, team performance, diversity, and retention.