Perform Cyber Threat Hunts by identifying patterns and anomalies in data that are not immediately obvious. Create Threat Models to better understand the Enterprise, identify defensive gaps, and prioritize mitigations. Utilize Threat Intelligence and Threat Models to create threat hypotheses and plan and scope Threat Hunt Missions to verify threat hypotheses.
Duties
Proactively and iteratively search through systems and networks to detect advanced threats.
Analyze host, network, and application logs in addition to malware and code.
Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation.
Monitor intrusion detection system and analyze alerts.
Lead threat hunting daily operations as well as significantly contribute to the strategic direction of the threat hunt team.
Collaborate with security engineers to create use cases and correlation alerts in the SIEM for continuous security monitoring.
Write technical and executive threat hunt reports as well as highlight and identify risks and gaps resulting from the hunts.
Participate in threat hunting operations using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and mitigate threat actors on the network.
Develop advanced methodologies to identify threat actor groups and associated tools, techniques and procedures.
Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
Consult and inform on the tuning of detection infrastructure with technology teams to identify emerging threats.
Apply analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats.
Provide guidance and/or lead on the development of on-going information security risk reporting monitoring key trends and defining metrics to regularly measure hunt effectiveness and output.
Coordinate with different teams to improve threat detection, response, and improve overall security posture of the Enterprise
Develop new, and improve existing, threat hunt processes.
Review the ingest of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts and determine its applicability to the systems environment.
Identify potential threats and identify current and evolving hacking tools and methodologies available to disrupt these systems.
Utilize tools such as Wire Shark for network data forensics, Splunk for security data ingestion, and Suricata for security data analysis
Review and analyze security incidents and support incident response
Qualifications
10 years of computer information technology experience.
3 years performing Cyber Hunt activities
3 years of intrusion detection and/or incident handling experience
Bachelor degree
Certification: CISSP, GIAC, CEH, CISA, CISP, or equivalent
Knowledge/Understanding of Cyber Kill Chain threat framework/model for the identification and prevention of cyber intrusions activity and for enhanced insights and reporting of cyber activity
Public Trust clearance capability
Scheduled Weekly Hours:
40
Travel Required:
Less than 10%
Telecommuting Options:
Hybrid
Work Location:
USA DC Washington
Additional Work Locations:
COVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.