Listing Description
To ensure fastest possible review of your application, please apply via this link: https://smrtr.io/3YKrH
Gather, extract, and disseminate open source intelligence (OSINT) on threat actors targeting the Customer, health care industry, government agencies in general, as well as public sector.
Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to: Splunk, Anomali, CISP, ThreatConnect, Palantir.
Provide Subject Matter Expert (SME) level evaluation on threats to an enterprise network as well as new technologies that could be leveraged to protect it by identifying security gaps with advanced analysis. Produce ‘white papers’ to customer to clearly document threat and how to address.
Work with industry partners to gather and share intelligence. Apply intelligence to the Customer network and systems to proactively identify potential cyber threats.
Review audit logs and identify any unusual or suspect behavior.
Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks.
Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams.
Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH). Provide security solutions and interpretations of security policies as they relate to specific security infrastructure, architectures and information systems in customer environment.
Coordinate meetings, compile reporting and manage deliverables.
Ensure IT security policies and controls are adequately addressed by conducting periodic quality control measurements including but not limited to IT security evaluations, audits, and reviews to verify that systems under customer purview are operating in a manner consistent with Customer, their Security Policies, controls and standards.
Evaluate, document and coordinate technical cyber security capabilities of various groups supporting the client, with an emphasis on risk, compliance, controls and logging.
Assist team in implementation and maintenance of various Cyber Operations systems and applications as needed; for example, NAC, IDS, etc.Top Secret clearance with SCI eligibility and the ability to undergo polygraph (if client requested)
Bachelor’s degree in an IT-related field or equivalent experience
Ten years (10+) years of cyber security experience; Eight years (8+) years of experience in a threat hunting role, including:
Advanced network forensic experience with the following application layer protocols HTTP/S, DNS, NTP, SSH, FTP, and SMTP.
Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks.
Interaction with C-level, SES, and Congressional members
Experience interpreting and implementing cyber security regulations.
Excellent verbal communication skills.
Excellent written skills for preparing reports and briefings.
Excellent analytical and problem solving skills.
Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to computer security incidents, and/or collecting, analyzing, and disseminating cyber threat intelligence
Certification (or ability to obtain certification) in at least one of the following areas: 1) Certified Counterintelligence Threat Analyst (CCTA), 2) Certified Cyber Intelligence Professional (CCIP), or 3) Certified Cyber Investigations Expert (CCIE).
At least one Splunk certification
Additional Qualifications:
Provide expert level knowledge of tools and technologies used for enterprise security
Proven ability and understanding of the components that comprise a successful information security program
Advanced Splunk certifications highly desired
Excellent written and verbal communication skills
Listing Details
- Citizenship: Top Secret
- Incentives: Both
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: No Telecommute