Department: Cyber Defense
Offices: Merrifield, Virginia, United States
XOR Security is currently seeking a Cyber Hunt SME to support a large commercial financial entity Cyber Security Operation Center (CSOC). The program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. CSOC Analysts will conduct security event monitoring, advanced analytics and response activities in support of the CND operational mission. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations to include the development of advanced analytics and countermeasures to protect critical assets from various cyber threats. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response. A strong work ethic, diligent time and attendance, written and verbal communications skills are a must along with the ability to work night shifts. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management.
The Cybersecurity Operations Center is looking for a driven professional to help advance the program's strategic vision. You will also have the opportunity to work closely with the Focused Operations manager and lead the collaboration with other Information Security teams for adversary emulation and threat hunt operations.
***Hours are flexible within core office hours of 7:00 AM to 6:00 PM Eastern
- Maintain expert knowledge of advanced persistent threats tactics, techniques, and procedures (TTPs) as well as forensics and incident response practices
- Identify and hunt for emerging threat activity across all internal/external sources
- Lead development and implementation of test plans to perform adversary emulation for the purposes of threat hunt
- Conduct advanced analysis of network and endpoint alerts from various sources within the enterprise and determine possible causes of such alerts
- Drive the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave
- Lead coordination with intelligence analysts to correlate threat assessment data
- Conduct advanced analysis of log files, evidence, and other information to determine best methods for detection of a network intrusion
- Drive process to perform event correlation within the enterprise to identify security architecture gaps
- Conduct advanced examination of network topologies to understand how data flows through the network
- Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
- Lead process to perform tier 3 static malware analysis
- Establish standards, taxonomy, and processes for threat hunt and detections
- Perform other duties as assigned
- Advanced experience in cybersecurity and/or information technology (IT) security
- Advanced knowledge of security architectures, firewalls, proxies, and network topology required
- Advanced skill in developing and deploying signatures
- Advanced skill in using security event correlation tools
- Advanced skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort)
- Advanced skill in using virtual machines; setting up malware analysis workstation
- Outstanding communication skills for reporting complex technical situations to various audiences, including executive leadership and nontechnical staff.
- Advanced research, analytical, and problem-solving skills
- Advanced skill working with all levels of management, supervisors, stakeholders and vendors
- Expert skill in collaborating with other teams on time-sensitive incidents
- Advanced skill in evaluating test plans for applicability and completeness
- Advanced skill in deep analysis of captured malicious code (e.g., malware forensics)
- Advanced skill in identifying gaps in technical capabilities
- Advanced skill in using binary analysis tools
- Advanced skill in relevant programming languages (e.g., C++, Python, etc.)
- Advanced skill in testing and evaluating tools for implementation
- Advanced experience with security tools related to enterprise log management, IDP/IDS, antivirus, firewalls, proxies, DLP, forensic analysis and SIEM
- CISSP, CISA, CCSP or other related Information Security certifications
- Advanced knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK )
- Advanced skill in analyzing audit log events for cloud technologies to facilitate development of cyber defense detections
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.