Cyber Threat Hunter

Job Description

Job Title: Cyber Threat Hunter - SME
Location: Sterling, VA and Beltsville, MD
Terms: Full-time
Requirements: Must be a U.S. Citizen with Active Secret Security Clearance

About us
Cyber Management is a rapidly growing Veteran Owned Small Business (VOSB). To us, Cyber is no buzzword…it is all of the technology supporting our business, government, and personal information, and we understand how vital it is to integrate security into the overall cyber management schema from design through operations. Information is one of the greatest resources of our time…keeping it flowing and keeping it safe is our mission. Come join us as we grow!

We offer:

• Excellent compensation, benefits and financial incentive
• Opportunity to work with highly skilled and talented people
• A Company that understands and values what you do, and committed to mutual success!

About the Role
Cyber Management International Corporation is actively recruiting a highly motivated Cyber Threat Hunter looking for challenging, exciting work in support of the U.S. Department of State (DOS) Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program, for the Bureau of Consular Affairs (CA). The Cyber Threat Hunter will be working closely with other CAEIO team members, application/system owners, and Government Leadership to ensure Consular Affairs mission success. This organization provides services that analyze and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer’s information and information systems; provides timely and relevant technical analysis to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis.

Functional Duties
The Cyber Threat Hunter and Researcher will support the customer’s overall cyber threat analysis efforts. Performs advanced analysis of adversary tradecraft, malicious code, and Advance Persistent Threat capabilities. Analyzes computer, communication, network security events and exploits to determine security vulnerabilities and recommend remedial actions. Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents. Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries. This role is also responsible for developing alert criteria to improve incident response capabilities; as well as contributing to the development, writing, and reviewing of SOPs.

Responsibilities

• Conducts research and data correlation using a variety of enterprise data sources with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures.
• Analyzes network events to determine the impact on current operations and conduct research to determine adversary capability and intent.
• Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on systems and information.
• Collects and analyzes network device integrity data for signs of tampering or compromise.
• Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research, and analysis of information.
• Conducts data analysis in support of directed assessments, anomaly investigations, long term trending and system check out.
• Develops and maintains analytical procedures to meet changing requirements and customer inquiries.
• Serves as the cyber technical liaison to stakeholders, explaining investigation details.
• Tracks and documents incident response activities and provides updates to leadership through executive summaries and in-depth technical reports.
• Create, discuss and explain Cyber investigative documentation.
• Resolve highly complex malware and intrusion issues using computer host analysis, forensics, and reverse engineering.
• Characterize and analyze network traffic, identify anomalous activity / potential threats, and analyze anomalies in network traffic using metadata.

Qualifications: Basic Requirements

• US Citizenship required and an active TOP SECRET clearance.
• BS degree and 12 to 15 years’, experience or MS degree with 10 to 13 years’, experience or a high school diploma/equivalent with minimum 16 years’, experience.
• Possess CISSP or similar cybersecurity certification.
• 8+ years of directly relevant experience in cyber forensic and network investigations using leading edge technologies and industry standard forensic tools.
• Experience with reconstructing a malicious attack or activity.
• In depth knowledge and experience of identifying different classes and characterization of attacks and attack stages.

Qualifications: Preferred Requirements

• Knowledge of cybersecurity frameworks and standards
• Ability to track incidents using MITRE ATT&CK and Cyber Kill Chain methodology.
• Knowledge of cloud security
• Knowledge of current IT security best practices
• Knowledge of system administration, networking, and operating system hardening techniques
• Mixed operating systems experience: (Linux, Windows)
• Scripting/coding experience

** Shift/Hours:** 1st Shift - Monday through Friday

For more information about our company, please visit www.cybermgt.com or email us at recruiting@cybermgt.com .