Senior Cyber Threat Hunter
Company: Peraton
Location: Augusta
Posted on: May 26, 2023
Job Description:
Peraton seeks a Senior Cyber Threat Hunter supporting the ARCYBER Active Defense (THREAT HUNT) Team. Location: Fort Gordon, GA.

As a Sr. Cyber Threat Hunter you will be responsible for participating in threat-actor-based investigations, creating new detection methodologies, and providing expert support to incident response and monitoring functions. The focus of the Threat Hunter is to detect, disrupt and eradicate the presence of threat actors from enterprise networks. To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies. You will also directly support the Cyber Defense Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response.

Tasks include:
- General SIEM monitoring, analysis, content development, and maintenance
- Research, analysis, and response for alerts, including log retrieval and documentation
- Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
- Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
- Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
- Track threat actors and associated tactics, techniques, and procedures (TTPs)
- Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors
- Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs
- Analyze malicious campaigns and evaluate effectiveness of security technologies
- Develop advanced queries and alerts to detect adversary actions
- Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
- Assist in the design, evaluation, and implementation of new security technologies
- Assist response and investigation efforts into advanced/targeted attacks
- Hunt for and identify threat actor groups and their techniques, tools and processes
- Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
- Provide expert analytic investigative support of large-scale and complex security incidents
- Perform Root Cause Analysis of security incidents for further enhancement of the alert catalog
- Continuously improve processes for use across multiple detection sets for more efficient Security Operations
- Review alerts generated by detection infrastructure for false positives and modify alerts as needed
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- A passion for research and uncovering the unknown about internet threats and threat actors
- Identify behavior, goals, and methods of adversaries; organize and analyze the collected data to determine gaps in the security environment of the organization that adversaries may be exploiting
- Conduct hypothesis-driven investigations driven by external intelligence data and internal correlation
- Provide information/support to the Respond Team or external cyber forces for response actions as appropriate
- Provide briefings to DOD cyber personnel on AD Team Tactics, Techniques and Procedures (TTPs)
- Organize and analyze collected data to determine gaps in the security environment of DODIN-A organizations that adversaries may be exploiting

Qualifications

Required Qualifications:
- BA/BS + 10 years relevant experience, MA/MS + 8 years, or HS + 16 years
- DoD 8570 IAT Level II certification. Must be current to start and maintained in ATCTS for duration of support
- Active TS/SCI with ability to obtain and maintain a CI Polygraph and MEAD clearance for duration of support

Preferred Qualifications:
- Experienced with model development and testing as well as gathering, relating, and identifying data with variables in models
- Has developed reports noting various alternatives and success probability when there is no single solution
- Possesses an in-depth understanding of cyberspace doctrine, policies, operations, and organizations
- Background includes quantitative experience and/or education (e.g., mathematics, statistics, etc.)
- DoD 8570 CSSP (Analyst, Incident Responder, or Auditor) certification

Peraton Overview

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our employees do the can't be done, solving the most daunting challenges facing our customers.

Salary Range

Salary Minimum: $72,500
Salary Mid: $145,000
Salary Maximum: $181,300

The estimate displayed represents the typical salary range for this position, and is just one component of Peraton's total compensation package for employees. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Peraton provides a variety of benefits to employees. An Equal Opportunity Employer including Disability/Veteran.