The Goal is hiring a Cyber Hunt & Incident Response Analyst for their client.
• Collects and analyzes host-based and network-based data in support of incident response investigations.
• Interprets, analyzes and reports on events and anomalous activity discovered through incident response investigations.
• Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.
• Supports incident response engagements and partners with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets.
• Performs real-time and proactive analysis on various data sources, such as anti-virus logs, firewall logs, IDS and IPS data, event logs, and other host-based and network-based artifacts.
• Utilizes data analytics tools including Splunk to analyze machine data in performing responsibilities.
• Correlates and analyzes data between disparate sources to assess threat actor tactics, techniques, and procedures (TTPs).
• Supports the incident manager in directing response, containment, investigation, and remediation efforts.
• May be required to coordinate with external organizations, authorities, and senior level leadership.
• Performs network architecture security reviews and models data flow to support incident response investigations.
• May be required to travel up to 25% of time.
• Bachelor’s degree in a technical discipline and a minimum of 3 years of related technical experience.
• Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
• Familiarity with network analytics, including NetFlow and PCAP analysis.
• Understanding of cyber forensics concepts, including malware analysis and threat hunting.
• Understanding of how both Windows and Linux systems are compromised.
• DHS Suitability at the SCI level.
• Experience using Splunk for system data analytics and monitoring strongly preferred.
• Experience performing cyber forensics, malware analysis, and cyber hunt is strongly preferred.
• A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.