Cyber Threat Hunter (Lead E/A)

Program Description: Serves as a SME Cyber Threat Hunter and Researcher in support of a major federal client.  This organization provides services that analyze and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer’s information and information systems; provides timely and relevant technical analysis to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis. Responsible for the delivery of written and oral briefings to stakeholders and community partners across the Foreign Affairs community.  

The Cyber Threat Hunter and Researcher will support the customer’s overall cyber threat analysis efforts. Performs advanced analysis of adversary tradecraft, malicious code, and Advance Persistent Threat capabilities.   Analyzes computer, communication, network security events and exploits to determine security vulnerabilities and recommend remedial actions. Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents.  Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries.  This role is also responsible for developing alert criteria to improve incident response capabilities; as well as contributing to the development, writing, and reviewing of SOPs.

Candidate should possess experience with and knowledge of cyber threat and/or intelligence analysis.  Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.

Candidates MUST possess an active secret clearance and be eligible to obtain a Top Secret.

• A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired. Four (4) additional years of general experience (as defined below) may be substituted for the degree.

Certifications Desired:  GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Encase Certified Examiner (ENCE)

General Experience: 5-7 years of experience advanced technical analysis with increasing responsibilities. Demonstrated oral and written communications skills. 

• Good working knowledge of cyber threat analytics
• Previous experience working in cross functional and interdisciplinary project teams to achieve tactical and strategic objectives
• Proven ability to document and teach team members how to apply advanced analytic techniques to solve complex problems
• Solid understanding of enterprise IT cybersecurity operational environments

• Five years of experience in network security with a focus on computer forensics, static code reverse engineering, and advanced (packet) network analysis. Static code reverse engineering experience can be substituted by experience in similar skill in computer forensics, network analysis, mobile device forensics related to malicious code, network flow analysis, or other similar skill
• Three years of experience in intelligence or technical analysis with a focus on cyber threat analysis.
• Experience analyzing emerging technologies for potential attack vectors and developing mitigation strategies
• Ability to evaluate offensive and intelligence-based threat actors based on motivation and common TTPs
• Experience with gathering open-source and controlled intelligence to develop predictive understanding of adversarial strategies, priorities, and overlapping interests
• Demonstrated expertise in deploying and maintaining open source network security monitoring and assessment tools
• Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Reports