Cyber Threat Hunter – SME

Posted 3 Days Ago
Be an Early Applicant
Arlington, TX
Senior level
Security • Software • Cybersecurity
The Role
The Cyber Threat Hunter SME will support the DHS Hunt and Incident Response Team by analyzing network incidents, performing security assessments, collecting intrusion artifacts, and documenting investigative findings. The role involves both on-site and remote support, leveraging advanced cybersecurity analysis capabilities to ensure national security.
Summary Generated by Built In

Gray Tier Technologies is looking for a Cyber Threat Hunter SME to support The Department of Homeland Security (DHS) Hunt and Incident Response Team (HIRT). DHS HIRT secures the Nation’s cyber and communications infrastructure. HIRT provides DHS’s front-line response for cyber incidents and proactively hunting for malicious cyber activity. Gray Tier Technologies performs HIRT investigations to develop a preliminary diagnosis of the severity of breaches. Gray Tier provides HIRT remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. This role provides remote and onsite advanced technical assistance for proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. We are seeking a Threat Hunters to support this critical customer mission.

Responsibilities:

- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

- Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations

- Collects network intrusion artifacts (e.g., PCAP, domains, URI’s, certificates, etc.) and uses discovered data to enable mitigation of potential incidents

- Collects network device integrity data and analyze for signs of tampering or compromise

- Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information

- Tracking and documenting on-site incident response activities and providing updates to leadership through executive summaries and in-depth technical reports

- Planning, coordinating and directing the inventory, examination and comprehensive technical analysis of computer related evidence

- Serving as technical forensics liaison to stakeholders and explaining investigation details

Required Skills:

- U.S. Citizenship

- Must have an active Secret clearance (TS/SCI eligible) and be able to obtain DHS Suitability

- 8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools

- Experience with reconstructing a malicious attack or activity

- Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, analyze anomalies in network traffic using metadata

- Ability to create forensically sound duplicates of evidence (forensic images)

- Able to write cyber investigative reports documenting forensics findings

- In depth knowledge and experience of:

identifying different classes and characterization of attacks and attack stages

CND policies, procedures and regulations

proactive analysis of systems and networks, to include creating trust levels of critical resources

system and application security threats and vulnerabilities

of network topologies, Wi-Fi Networking, and TCP/IP protocols

Splunk (or other SIEMs)

Vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame

MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)

- Must be able to work collaboratively across physical locations.

Desired Skills:

- Experience and proficiency with the following tools and techniques:

EnCase, FTK, SIFT, X-Ways, Volatility, WireShark, Sleuth Kit/Autopsy, and Snort

EDR Tools: Crowdstrike, Carbon Black, Etc

Carving and extracting information from PCAP data

Non-traditional network traffic: Command and Control

Preserving evidence integrity according to national standards

Designing cyber security systems and environments in a Linux environment

Virtualized environments

Conducting all-source research

Required Education:

8+ years of experience and BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience

Desired Certifications:

- GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Requires expert or mastery level knowledge of work area, typically obtained through advanced education combined with experience.

May have deep knowledge of project management. Advanced knowledge of related disciplines within work area and ability to identify links and potential impact on projects, programs or systems.

Typically requires:

A University Degree or equivalent experience and minimum 10 years prior relevant experience, or An Advanced Degree in a related field and minimum 7 years experience Engineering/Other Technical Positions: Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and a minimum of 10 years of prior relevant experience unless prohibited by local laws/regulations.

Top Skills

Cybersecurity
Digital Forensics
Incident Response
Network Analysis
Splunk
Tcp/Ip
The Company
HQ: Alexandria, VA
18 Employees
On-site Workplace
Year Founded: 2015

What We Do

Gray Tier Technolgies is a privately held company providing full cyclic cybersecurity services and products. Gray Tier is headquartered in Alexandria, VA with offices in Orlando, FL and Denver Co. Our vision is to be the premier security services and solutions provider for our Enterprise, Government, and military customers. To prepare our customers to defend their systems against global cyber threats. By leveraging our many years of defending mission-critical systems for the US military we are here to help you safeguard your corporate data from attackers. Gray Tier’s experts use techniques and tactics from world-wide cyber threats to provide a realistic evaluation of your network defenses against today’s adversaries.

Similar Jobs

Capital One Logo Capital One

Senior Cyber Threat Hunter

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
Plano, TX, USA
55000 Employees
188K-230K Annually
Irving, TX, USA
23630 Employees
139K-232K Annually

Capital One Logo Capital One

Senior Lead Information Security Office (ISO) Consultant

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
Plano, TX, USA
55000 Employees
235K-284K Annually

Cloudflare Logo Cloudflare

Senior Manager, IT SOX

Cloud • Information Technology • Security • Software • Cybersecurity
Hybrid
Austin, TX, USA
3900 Employees
205K-251K Annually

Similar Companies Hiring

Silverfort Thumbnail
Security • Sales • Information Technology • Cybersecurity • Automation
GB
357 Employees
bet365 Thumbnail
Software • Gaming • eSports • Digital Media • Automation
Denver, Colorado
6100 Employees
Jobba Trade Technologies, Inc. Thumbnail
Software • Professional Services • Productivity • Information Technology • Cloud
Chicago, IL
45 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account