Our client is looking for a Security Consultant (DFIR) to join their team at a well known cybersecurity firm.

In this role you will perform incident response and threat hunting-related tasks. You will work with various security solutions including SIEM, EDR, UEBA, and SOAR solutions.

This is a heavy Linux / CentOS environment, so experience is required. Familiarity with MITRE ATT&CK framework and consulting experience is a plus.

This is a hybrid role in Springfield, VA.

Candidate must be a U.S. Citizen. Candidates must hold an active TS clearance and be willing to obtain a SCI clearance.*

For a quicker response, please apply directly to this role here : https : / / cybersn.com / cards / 2284 / card.html

Responsibilities : 25% Threat Hunting

25% Threat Hunting

• Develop and enhance threat hunting methodologies and hypotheses
• Implement, validate and normalize threat data collection sources
• Improve and enhance threat hunting maturity levels
• Enhance SIEM threat hunting capabilities
• Participate in hunt missions using Threat Hunting Platforms to identify, detect and investigate threats on the enterprise network and / or cloud networks.
• Participate in hunting missions using searching techniques to identify, detect and investigate threats on the enterprise network and / or cloud networks.
• Participate in hunting missions using searching or clustering techniques to identify, detect and investigate threats actors and advanced adversaries on the enterprise network and / or cloud networks
• Attack vectors from MITRE ATT&CK framework
• Perform OSINT collection and threat profile analysis
• Research threat actor analysis and capability
• Current trends and threat landscape
• Build and manage threat research and sharing relationships Sector-based Information Sharing Analysis Centers (ISACs)
• Participate in incident response as a member of the CSIRT

20% Incident Response

• Respond to incidents involving malware
• Respond to network based attacks
• Monitor system events, logfiles and alerts
• Perform incident detection
• Program and write scripts

20% Security Engineering

• Perform infrastructure and cloud security design
• Install, maintain, and patch security products
• Monitor system events, log files and alerts
• Evaluate new security products and solutions
• Interact with cloud based platforms

20% Security Operations

• Harden systems for cyber resilience
• Research new threats, attack techniques and methods
• Participate in business continuity and disaster planning

15% Threat Intel

• Collect, review, analyze, process and enrich open source and / or commercial threat datasets
• Create and deliver technical alerts, reports, and vulnerability notifications
• Gather and record key indicators and information about threat campaigns and infrastructure
• Prepare assessments and cyber threat profiles of current events based on collection, research and analysis of open source information
• Provide intelligence support during incident response and forensic security investigations
• Process and enrich information to ensure timely, actionable, high confidence IOC's are ingested and shareable
• Conduct technical analysis based upon industry accepted threat intelligence analytical frameworks, tools, and standards
• Develop and maintain threat profiles and the associated tactics, techniques, and procedures used to infiltrate computer networks
• Apply technical knowledge of security architectures, tools and controls to proactively detect, mitigate, and resolve advanced cyberattacks and / or threats.

Requirements

• Must actively hold a TS clearance and be willing to obtain a SCI.
• 5 years of experience in incident response and threat hunting.
• Hands-on experience with security solutions including SIEM, EDR, UEBA, and SOAR solutions.
• Must have extensive command line experience with Linux.

Why CyberSN?

Last updated : 2024-06-20