Cyber Security Threat Hunter
Hines, Illinois, United States
Maveris
Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector.Maveris is an IT and cybersecurity services company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector. We have an opening for a full-time, permanent Cyber Security Defense Analyst to join our talented, dynamic team in support of the Department of Veterans Affairs customer.
Veterans are encouraged to apply.
The Cyber Security Threat Hunter will be part of a team that creates hypothesis driven investigations to search out Advanced Persistent Threats and Focused Operators. The individual will need to possess the ability to work well both individually and as part of a team with a shared mission.
Key Responsibilities:
- Provide proactive Advanced Persistent Threat (APT) and Focused Operator (FO) hunting, incident response support, and advanced analytic capabilities
- Profile and track APT/FO actors that pose a threat in coordination with threat intelligence support teams
- Review and analyze log files from various sources such as SIEM, packet captures, and host logs to report any unusual or suspect activities
- Develop and execute custom scripts to identify host-based indicators of compromise
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Determine scope of intrusion identifying the initial point of access or source
- Recommend remediation activities to secure the source or initial point of access of intrusion
- Communicate effectively to all customers and stakeholders
- Provide executive level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity
- Provide technical summary of findings in accordance with established reporting procedures
- Provide identification of obfuscation techniques
- Knowledge of and ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Knowledge of and ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
- Knowledge of and ability to utilize cyber defense and vulnerability assessment tools
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
- Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
- Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations
- Knowledge of adversarial tactics, techniques, and procedures
- Knowledge of the common attack vectors on the network layer
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Skilled in using security event correlation tools
- Knowledge of and ability to utilize malware analysis concepts and methodologies
Requirements
- Experience with common threat hunting solutions including Splunk, packet analysis (e.g., Wireshark), Netflow, QRadar or other SIEMs, etc.
- An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies
- Experience with threat hunting advanced persistent threats
- In depth understanding of NIST SP 800-61, US CERT, and Office of Management and Budget (OMB) standards
- Scripting experience, such as Python, PowerShell, etc. is a plus
- Strong time management skills with attention to detail
- Strong critical thinking skills
- Strong interpersonal and collaborative skills, with the ability to work in a team environment
- Ability to communicate effectively to both technical and non-technical audiences
- Skilled in developing and deploying signatures
- Skilled in detecting host and network-based intrusions via intrusion detection technologies
- Skilled in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- Skilled in collecting data from a variety of cyber defense resources
- Skilled in recognizing and categorizing types of vulnerabilities and associated attacks
- Skilled in reading and interpreting signatures (e.g., snort)
- Skilled in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Skilled in performing packet-level analysis
- Able to develop content for cyber defense tools
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Coordinate with enterprise-wide cyber defense staff to validate network alerts
- Perform cyber defense trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Ability to determine tactics, techniques, and procedures (TTPs) for intrusion sets
- Ability to conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Ability to reconstruct a malicious attack or activity based off network traffic
- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
- Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
- Analyze and report organizational security posture trends.
- Analyze and report system security posture trends
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
- Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
- Participation in rotational on-call support
Relevant certifications and training preferred:
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensics Examiner (GCFE)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Network Forensic Analyst (GNFA)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Reverse Engineering Malware (GREM)
Benefits
Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:
- 401(k) with company match
- Dental Insurance
- Health Insurance
- Vision Insurance
- Life Insurance
- Paid Time Off
About Maveris
Maveris offers exceptional, mission-focused, solutions to organizations facing highly complex IT, digital, and cybersecurity challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly-motivated person with a willingness to learn, we invite you to apply today to join our team!
To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.
Tags: Analytics APT CERT Cyber defense Cyber Kill Chain Forensics GCFA GCIA GCIH GIAC GNFA GREM Incident response Intrusion detection Log files Malware MITRE ATT&CK NIST PowerShell Privacy Python QRadar Reverse engineering Scripting SIEM Snort Splunk Threat intelligence TTPs Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs