Lead Cyber Hunter, National Incident Response Team - Federal Reserve (East Rutherford, NJ) at Federal Reserve Bank (FRB)

Posted in General Business 24 days ago.

This job brought to you by eQuest

Type: Full-Time
Location: New York City, New York





Job Description:


At the Federal Reserve Bank of New York, the work we do is consequential and challenging. Our environment encourages growth and diversity. Our employees flourish in a team-oriented atmosphere and are dedicated to the important mission of the New York Fed.

The National Incident Response Team (NIRT), a national service provider for the Federal Reserve System, delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the Federal Reserve System. The mission of the National Incident Response Team is to play a leading role in the Federal Reserve System's efforts to protect its information systems against unauthorized use.


Your role as a Lead Cyber Hunter:

The mission of NIRT's Incident Detection and Analysis (IDA) team is to be an agile team that effectively detects, analyses and investigates information security incidents for its customers. The team is focused on ensuring the security and integrity of critical enterprise systems and environments through the use of various analytical data mining techniques and automated tactics. As a Lead Cyber Hunter, you are responsible for spear-heading the NIRT's cyber hunting capabilities holistically. Through partnerships as well as internal and external data collection and mining, you will search for deep, persistent threats that may not be detected by traditional techniques. You are also responsible for expanding the team's cyber hunting capabilities through cross-training; you will serve as a cyber hunter subject matter expert for the NIRT. Furthermore you will execute core detection responsibilities in order to remain familiar with operational data.


  • Leads investigations through data analysis and information gathering.


  • Performs pro-active hunting for intelligence related to malicious activity that can impact the FRS network and digital assets.


  • Maintain knowledge of relevant adversary TTPs in order to help ensure that the offensive landscapes informs the team's defensive posture.


  • Produce reports and presentations to illustrate results of cyber hunting activities.


  • Plans and executes formal cyber hunt engagements for customers.


  • Coordinate with intelligence analysts to take action on relevant intelligence products.


  • Cross-trains detection analysts to expand the IDA team's cyber hunting capabilities through the development of a remote and onsite cyber hunting training package that supports individual and team training.


  • Utilizes detection techniques from successful hunt engagements to provide feedback to the automation team.


  • Provides input and technical expertise during 0-day scenarios, where existing detection fails to catch emerging TTPs.


  • Ability to work weekends on a rotational basis with the rest of the team to ensure 24x7 coverage of Threat Analysis Center (TAC).