Arlington, VA

Cyber Cyber Hunt & Incident Response Analyst

Job Specs

Code:
4030534002
Department:
Homeland
Date:
18-05-25
Offices:

Job Description:

XOR Security is currently seeking several talented Cyber Hunt & Incident Response Analysts to support an Agency-level SOC. The SOC program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise.  SOC Analysts will conduct security event monitoring, advanced analytics and response activities in support of the CND operational mission.  To support this vital mission, XOR staff are at the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response. Strong written and verbal communications skills are a must along with the ability to work shift. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.

There are five shifts available:

First Shift (0600 - 1600 Mon-Fri)
Second Shift (1400 - 2400 Mon-Fri)
Third Shift (2200 - 0800 Mon-Fri)
Fourth Shift (0530 - 1830 Sat & Sun)
Fifth Shift (1730 - 0630 Sat & Sun)

This position may require up to 25% travel.

Required Qualifications:

  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
  • Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.
  • Track and document CND hunts and incidents from initial detection through final resolution.
  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.
  • Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).
  • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • May be required to travel up to 25% of the time.

Minimum Qualifications:

  • Bachelor’s degree in a technical discipline with a minimum of 3 years related technical experience.
  • Active Top-Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
  • Familiar with network analytics including Netflow/PCAP analysis.
  • Understanding of cyber forensics concepts including malware, hunt, etc.
  • Understanding of how both Windows and Linux systems are compromised.

Preferred Qualifications:

  • DHS Suitability at the SCI level
  • Experience using Splunk for system data analytics and monitoring strongly preferred.
  • Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
  • A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET CLEARANCE REQUIRED