Listing Description
Senior Cyber Threat Hunter
Location(s): Richmond, VA; All FRS Bank Locations; Remote Employment Eligible
The Richmond Fed is the proud home of the Federal Reserve’s National IT organization—a nationwide team delivering technology solutions and support across the Federal Reserve System. Many National IT employees are located in Richmond, while others are based across the U.S. at other Federal locations.
When you join our team, you’ll become part of a culture that welcomes differences, cares about our communities, and empowers each other to lead from where we are to make things better. Bring your passion and we’ll provide challenging and purposeful careers in a variety of fields, opportunities to grow and a wide range of benefits and perks that support your health and wealth. It’s all part of what makes #MyRichmondFed a great place to work!
About the Opportunity
Our National Incident Response Team (NIRT), a national service provider for the Federal Reserve System (FRS), delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the FRS. NIRT’s mission is to play a leading role in the FRS’ efforts to protect its information systems against unauthorized use.
NIRT’s Malware Analysis & Threat Hunting team has an immediate opening for a motivated intelligence or security professional to join their team as a Senior Cyber Threat Hunter.
As a Senior Cyber Threat Hunter, you will report to the Senior Manager, Information Security, and work on an agile team that effectively detects, analyzes, and investigates information security incidents for NIRT's customers across the United States. You will utilize Threat Intelligence and Threat Models to create threat hypotheses, plan and scope Threat Hunt Missions to verify threat hypotheses, prepare and report risk analysis and threat findings to appropriate stakeholders, and have the opportunity to combine your technical expertise with your imagination to discover innovative methods for ensuring that the FRS remains one step ahead of its adversaries around the world.
What You Will Do
- Utilize Threat Intelligence and Threat Models to create threat hypotheses
- Plan and scope Threat Hunt Missions to verify threat hypotheses
- Proactively and iteratively search through systems and networks to detect advanced threats
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Identify and propose automated alerts for new and previously unknown threats
- Coordinate with different teams across operations, intel, and engineering to iteratively improve security controls and detection capabilities
- Direct or lead cybersecurity related activities to mitigate cyber security incidents
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs
- Coordinate with intelligence analysts to correlate threat assessment data
- Maintain expert knowledge of advanced persistent threat tools, techniques, and procedures (TTPs), as well as forensics and incident response practices
- Maintain situational awareness of, and report on, advanced threats, including Advanced Persistent Threats (APTs) and incidents
- Analyze data to detect active threats within the network using knowledge of the current threat landscape, threat actor techniques, and the internal network
- Coordinate response, triage, and recovery activities for security events
- Develop attack detection guidance & response playbooks, counter-measure definition and strategies to mitigate emerging threats
- Support micro-PTX (purple team exercises) with monitoring for new detection opportunities
- Be a key contributor for initiatives by driving process improvements, strategic planning, accountability, fostering a collaborative work environment and properly managing communications
- Provide strategic guidance and support to business partners and leaders during complex situations
- Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or a related field; or equivalent work experience
- 3-5 years in a professional Intrusion Detection or Incident Response role
- The following certifications are highly preferred:
  - SANS GCIH (GIAC Certified Incident Handler)
  - SANS GCFA (GIAC Certified Forensic Analyst)
  - SANS GCIA (GIAC Certified Intrusion Analyst)
- Expertise in network, host, and cloud-based analysis and investigation
- Demonstrated expertise in cloud security, telemetry, and attack techniques
- Demonstrated experience planning and executing threat hunt missions
- Expertise with operation of both Windows and Linux based systems
- Proficient with scripting languages such as Python or PowerShell
- Experience with exploratory data analysis and/or machine learning
- Proficiency in identifying cyber-attack campaigns
- Excellent communication skills
- Deep curiosity and ability to quickly learn new technologies
- Ability to obtain and maintain a National Security Clearance. Ability to obtain a clearance requires US Citizenship.
Discover the Reason Why So Many People Love It Here!
When you join Federal Reserve’s National IT organization, not only will you find a challenging and purposeful career, you’ll also have access to a wide range of benefits and perks that support your health and wealth, including:
- Great medical benefits
- Pension and 401(k) with employer match
- Paid time off
- Tuition reimbursement
- Employee resource networks
- Paid volunteer leave
- Flexible work options
- Onsite amenities that make working here fun!
Other Requirements and Considerations:
- A requirement of this position is that the employee must be fully vaccinated against COVID-19; individuals who are unable to be vaccinated due to a medical condition or sincerely held religious belief may request an accommodation from the Bank.
- Candidates should review the Bank’s Employee Code of Conduct to ensure compliance with conflict of interest rules and personal investment restrictions. The Code is available on the About Us, Careers webpage at www.richmondfed.org.
- Sponsorship is not available for this role. The selected candidate is subject to special background check procedures including a criminal check, credit check, and drug screen.
- By federal law, the candidate hired for this position must be able to obtain and maintain a National Security Clearance. Ability to obtain a clearance requires US Citizenship.
- Salary offered will be based on the job responsibilities and the individual’s knowledge, skills, and experience as defined in the job qualifications/experience. For candidates located outside of Richmond, VA, listed salary ranges may be adjusted based on your geographic location.
- Applications are reviewed on a rolling basis.
Listing Details
- Salary: $109000 - $140000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Optional Telecommute