Cyber Threat Hunt Lead

Description

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunt Lead to support a Defensive Cyber Operations (DCO) team in Washington, DC.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. We are looking for a self-starter who is capable of independently performing their daily tasks, but also works well within a team that requires significant coordination and communication.

This is a hybrid position with the potential for 25% remote / 75% on-site shifts. While this position will primarily work normal business hours, this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

• Author and deploy novel countermeasures to eliminate threats and illuminate their activities.
• Perform Countermeasures Management Activities - Track and manage implementation and assess the effectiveness of countermeasures on an ongoing basis and revector actions as needed.
• Design and develop solutions to deliver automated cybersecurity services, conduct agile development & maintenance of automation script/tools to scale cybersecurity work across the enterprise.
• Maintain situational awareness of cyber activity by reviewing DoD, Intelligence Community and open-source reporting for new vulnerabilities, malware or other threats that have the potential to impact the customer enterprise.
• Monitor network/hosts/application security devices and support CSSP in providing detect, response, mitigation and recovery capabilities.
• Conduct and support Indications & Warnings intelligence process to Collect & Analyze information, Develop Collection and Analysis Strategies and, Report time-sensitive information supporting real world hunt and DCO operations.
• Perform Hunt Activities by utilizing advanced cyber analytics to mitigate the risk of Advanced Persistent Threats (APT) to the customer network through the implementation of a framework and proves to target, engage and respond to an APT adversary through an intelligence driven defense model.
• Provide recommendations for improvement in Training, Metrics, Governance and Knowledge Management.

• Bachelor's Degree and 8+ yrs of experience or Master's Degree and 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees, including experience leading a team or effort.
• Must have a DoD 8570 IAT Level II (or Level III) Certification (e.g. Sec+ CE)
• Must have a DoD 8570 CSSP Analyst Certification (e.g. CEH), OR able to obtain one within 180 days of starting.
• Must have a DoD 8570 CSSP Infrastructure Support Certification (e.g. CEH, CySA+, SSCP), OR able to obtain one within 180 days of starting.
• Must have strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.
• Must have experience analyzing packet captures.
• Must be able to pass additional customer suitability screenings/processing prior to start.
• Current DoD TS/SCI security clearance.

• Demonstrated expertise in network and host-based analysis and investigations
• Experience planning and executing threat hunt missions.
• Demonstrated understanding of complex enterprise networks to include routing, switching, firewalls, proxies, and load balancers.
• Expertise working with Windows and Linux based systems.
• Proficiency with scripting languages such as Python and PowerShell.
• Demonstrated familiarity with Splunk Processing Language (SPL), Elastic Domain Specific Language (DSL) and/or Kusto Query Language (KQL).
• Experience working with various technologies and platforms such as AWS, Azure, O365, containers, etc.
• Demonstrated understanding of current threat landscape, tactics used by adversaries and methodology used to investigate, analyze, mitigate and recover from attacks.
• Previous experience as a member of a hunt team.