- Federal Civilian
- Woodlawn, Maryland, United States
Job Description: Cyber Hunt SME
XOR Security is currently seeking a Cyber Hunt SME to support a large cyber defense program in a complex federal, health sector environment. The position will focus on Cyber Hunt activities including identifying data sets of interest and conducting. To support this vital mission, XOR staff are on the forefront of providing Advanced Analytics, Cyber Offense, and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in security monitoring and analysis, hunt, and incident response. Strong analytical skills as well as written and verbal communication skills are a must. The ideal candidate will have a solid understanding of big data analytics, cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables.
Location: Woodlawn, MD
- 6 years of Information Technology experience, with at least 4 years of experience in information security working within security operations or cyber hunt.
- Demonstrated Experience performing Network Forensics in support of cyber hunt investigations (e.g. Netflow and PCAP analysis using RSA Analytics).
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Cyber Threat Hunting (anomalous pattern detection and content management), Malware Analysis.
- Prior experience and ability with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
- Experience working with various event logging systems and must be proficient in the review of security event log analysis.
- Knowledge of log, network, and system forensic investigation techniques.
- Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs.
- Experience using intelligence-driven defense based on the Cyber Kill Chain (CKC) in a cyber defense environment.
- Knowledge of diverse operating systems, networking protocols, systems administration and security technologies.
- Knowledge of TCP/IP Networking and knowledge of the OSI model.
- Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies.
- Significant experience monitoring threats via a SIEM console.
- Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems.
- Strong customer service skills and decision-making skills.
- Be able to create or modify scripts for task automation or data parsing.
- Strong proficiency in report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
- Provide subject matter expertise support in the detection, analysis, and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.
- Bachelor's degree in Computer Science or related field or equivalent work.
- One or more certifications for Analysts: GCIA, GNFA, GCIH, GCED, GCFE, GCTI, CND, ECSA, OSCP, OSEE, OSCE, GCFA, GREM, CHFI, CEH, GPEN, GWAPT, GISF, GXPN.
- Experience with analyzing deceptive technologies such as honeynets.
- Ability to work with a cyber network defense organization to improve an organization’s detection capabilities through content development or security architecture recommendations.
- Previous hands-on experience with a Security Information and Event Monitoring (SIEM) and Big Data Analytics platforms that perform log collection, analysis, correlation, and alerting is required, preferably Splunk, Sqrrl, ELK, Hadoop.
- Experience with a wide variety of data sets such as network events from various sources including RSA Security Analytics and Akamai WAF experience or host-based events such as antivirus, HIDS/HIPS, security event logs, etc. with the ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
- Significant experience with packet analysis (Wireshark) and Malware analysis preferred.
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP WITH THE ABILITY TO OBTAIN A PUBLIC TRUST.