intelligence analyst (Remote)

Solutions By Design II
Full Time, Remote, 10.56 - 12.04 USD
Job description

SBD is looking for a Threat Hunting Analyst to join our team on a large Security Operations program with our Federal client.

The Threat Hunting Analyst (THA) will work to identify advanced threats within the network to track and mitigate them prior to an attack of the IT systems of the organization. The THA will create hypotheses to conduct searches for threats inside the network with the goal of gathering data on threat behaviors, goals, and methodologies of the threat group. The THA is responsible for organizing and analyzing the data to establish baselines for the security environment and make security recommendations to address current vulnerabilities.

This individual will possess prior work experience in cybersecurity with an intimate knowledge of network computing and hands-on technical experience with multiple security tools. The individual will be responsible for gathering raw data, filtering it, investigating and analyzing network activity, creating the hypothesis for threat hunt operations, conducting full hunt operations, and proposing security fixes based on the outcome of the hunt. The THA will operate as part of the Incident Response team by assisting with response through ad-hoc hunts, contributing to lessons learned and suggesting new preventative measures, and integrating threat data into security tools. The individual will have good presentation skills and possess excellent communication skills, both verbal and written.

This position is fully remote within the United States.

Responsibilities Include:

  • Conduct security assessments to identify potential vulnerabilities, threats, or deficiencies.
  • Support Security Operations Center (SOC) and Incident Response (IR) activities.
  • Document all hunt activities and create presentations when requested.
  • Create detection content to support the automated identification of threats across the environment.
  • Triage alerts generated from curated hunt team detection content, escalating as needed to other organizations within cybersecurity defense operations.
  • Conduct research from external and internal sources, then develop and implement solutions based on new attack techniques and threats.
  • Analyze security and event logs for anomalies and indications of malicious behavior.
  • Determine true threats, false positives, and misconfigurations to provide timely solutions to detected issues.
  • Tune analytic correlations along with other security personnel to reduce false positives and increase actionable alerts.
  • Ensure daily, monthly, and quarterly compliance requirements are met individually and by professional-level staff within the timelines provided by Operations executive leadership.
  • Perform other related duties as assigned.

Required Experience and Qualifications:

  • Must be a United States (US) Citizen.
  • Must be able to obtain an agency-specific Public Trust clearance.
  • Must be able to pass a comprehensive background check.
  • Bachelor's degree or five (5) years of related experience is required.
  • Understanding of TCP/IP and how traffic is transported through a network.
  • Experience using security controls (firewalls, antivirus, Endpoint Detection and Response platforms, Intrusion Detection Systems, packet capture analysis, etc.) leveraged to spot anomalies.
  • Understanding of malicious actors and the tools, techniques, and procedures they employ.
  • Knowledge and understanding of multiple operating systems, network devices, and secure architectures.
  • Experience utilizing the cyber threat hunt method to identify malicious activity in a network.
  • Experience identifying threat groups and their distinct TTPs.
  • Experience with information assessment for network threats to include scans, computer viruses, and complex APT attacks.
  • Hands-on experience with a Security Information and Event Management (SIEM) tool.
  • Experience with log analysis and how events of interest can be linked together or corroborated.
  • Proficiency with one or more Endpoint Detection and Response (EDR) tools.
  • Experience within security operations, cyber threat hunting, or content detection development, or supporting cybersecurity operations within a cyber fusion center.
  • Ability to work well with others on a close-knit team.
  • Ability to work via teleconference and/or videoconference.
  • Excellent records management and documentation discipline.
  • Experience with firewalls, routers, or antivirus appliances.
  • Scripting, particularly in Python, to support task automation.
  • Must have an impeccable work ethic, the ability to make sound decisions, and a commitment to integrity and accountability.
  • Proficiency with the Microsoft Office Suite, specifically Excel, Word, and Outlook, is a must.
  • Excellent verbal and written communication skills.
  • Excellent interpersonal, negotiation, presentation, and conflict resolution skills.
  • Excellent organizational skills and attention to detail.
  • Strong analytical, critical thinking, time management, and problem-solving skills.
  • Strong supervisory and leadership skills.
  • Ability to function well in a high-paced and at times stressful environment.
  • Ability to prioritize tasks and to delegate them when appropriate.
  • Hands-on experience with Adobe Pro a must.
  • One or more of the following certifications is desired:
    • Security+CE, CompTIA Advanced Security Practitioner (CASP+), Cyber Security Analyst (CySA+), Certified Ethical Hacker (CEH), Certified Network Defender (CND), Certified Threat Intelligence Analyst (CTIA), Certified SOC Analyst (CSA), Certified Incident Handler (ECIH), GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), AWS Fundamentals - Cloud Practitioner Essentials, Azure Fundamentals - AZ-900.

Solutions By Design II

www.sbd.com
Vienna, VA
Cida Goldbach
$25 to $100 million (USD)
1 to 50 Employees
Company - Private
Information Technology Support Services
2001