analyst Remote
Gray Tier Technologies
Full Time
Remote
10.56 - 12.04 USD Today
Job description
Gray Tier Technologies is looking for Threat Hunt Analyst (SME) to support the Department of Homeland Security CBP SOC.
Primary Responsibilities
- Create Threat Models to better understand the DHS IT Enterprise, identify defensive gaps, and prioritize mitigations
- Author, update, and maintain SOPs, playbooks, work instructions
- Utilize Threat Intelligence and Threat Models to create threat hypotheses
- Plan and scope Threat Hunt Missions to verify threat hypotheses
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze host, network, and application logs in addition to malware and code
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
- Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise
Basic Qualifications:
Positions at this career level typically require BS degree or equivalent and 2-4 years of prior relevant experience, or a master's with less than 2 years, in order to operate within the scope contemplated by the level.
All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation. Experience in the areas of incident detection and response, malware analysis, or computer forensics.
Preferred Qualifications:
- Expertise in network and host-based analysis and investigation
- Demonstrated experience planning and executing threat hunt missions
- Understanding of complex Enterprise networks to include routing, switching, firewalls, proxies, load balancers
- Working knowledge of common (HTTP, DNS, SMB, etc) networking protocols
- Familiar with operation of both Windows and Linux based systems
- Proficient with scripting languages such as Python or PowerShell
- Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
- Demonstrated experience triaging and responding to APT activities.
- Experience working with various technologies and platform such as AWS, Azure, O365, containers, etc.
- Understanding of current cyber threat landscape, the different tactics commonly used by adversaries and how you would investigate, contain and recover against their attacks.
Gray Tier Technologies
www.graytier.com
Alexandria, VA
$1 to $5 million (USD)
1 to 50 Employees
Company - Private
Enterprise Software & Network Solutions
