Cyber Hunt & Incident Response Analyst

The Goal is hiring a Cyber Hunt & Incident Response Analyst for their client. 

Responsibilities include:
•    Collects and analyzes host-based and network-based data in support of incident response investigations.
•    Interprets, analyzes, and reports on events and anomalous activity discovered through incident response investigations.
•    Leverages tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro while performing cyber incident response analysis.
•    Supports incident response engagements and partners with other incident response teams to maintain an understanding of the threats, vulnerabilities, and exploits that could impact client networks and assets.
•    Performs real-time and proactive analysis of data sources such as anti-virus logs, firewall logs, IDS and IPS data, event logs, and other host-based and network-based artifacts.
•    Uses data analytics tools, including Splunk, to make sense of machine data in the course of these responsibilities.
•    Correlates and analyzes data from disparate sources to assess threat actor tactics, techniques, and procedures.
•    Supports the incident manager in focusing and directing response, containment, investigation, and remediation efforts.
•    May be required to coordinate with external organizations, authorities, and senior-level leadership.
•    Performs network architecture security reviews and models data flows to support incident response investigations.
•    May be required to travel up to 25% of the time.

Minimum Qualifications:
•    Bachelor’s degree in a technical discipline with a minimum of 3 years of related technical experience.
•    Active Top Secret security clearance with the ability to obtain TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
•    Familiarity with network analytics, including NetFlow and PCAP analysis.
•    Understanding of cyber forensics concepts, including malware analysis and hunting.
•    Understanding of how both Windows and Linux systems are compromised.

Preferred Qualifications:
•    DHS suitability at the SCI level.
•    Experience using Splunk for system data analytics and monitoring is strongly preferred.
•    Experience performing cyber forensics, malware analysis, and cyber hunting is strongly preferred.
•    A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.
 
