Threat Hunting Specialist/Engineer

Threat Hunting Specialist/Engineer

Location: Other/Client Site - USSS Headquarters, 950 H Street NW, Washington, D.C. 20223 and other facilities located within the Washington D.C. Metropolitan area. Largely remote during COVID.

Department: DHS - USSS Threat Hunting Operation Center and Data Engineering Services

Type: Full Time

Minimum Experience: Experienced

Security Clearance Level Required: DHS Suitability Required

*The clearance level stated above must be met for consideration for this specific opportunity. Unfortunately, FTC is unable to sponsor at this time.

Military Veterans and individuals with disabilities are encouraged to apply!

Favor TechConsulting, LLC (FTC) is seeking a talented Threat Hunting Specialist/Engineer with government experience.

Essential Duties & Responsibilities

Role Overview: Proactively assessing data collected from a variety of cyber defense tools (e.g., IPS alerts, firewall logs, network traffic logs, host-based security logs, etc.) to analyze events that occur within their environments for the purposes of identifying and mitigating threats.

Responsibilities:

• Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and on hosts leveraging using a variety of tools, including but not limited to Splunk, Azure Sentinel, PowerBI and M365 Defender
• Research new threats as they emerge and publish internal Threat Briefs with the latest IOCs and emerging tactics being used by threat actors
• Analyze threat actor activity, identify intrusions, create detections, and track campaigns
• Create reports and presentations on research and findings
• Share knowledge with members of the Security Operations Center (SOC) and Cyber Security teams
• Analyze collected data to determine trends in the security environment of the organization
• Participate in monthly DHS SOC working group meetings
• Leverage enterprise SIEM and other monitoring tools to provide security monitoring and perform proactive threat hunting across the organizations' systems
• Leverage threat intelligence and open-source cybersecurity outlets in support of THOC operations
• Leverage ServiceNow ticketing systems to manage security related events/incidents
• Develop and brief SOC threat hunting specific status reports at Information Technology Cyber Security Program (ITCSP) weekly staff meetings.
• Develop and maintain THOC threat hunting standard operating procedures (SOP)
• Work with Cybersecurity and other IT support teams as needed in support of incident response
• Leverage Security Orchestration and Automated Response tool in support of incident handling, developing, and implementing new workflows as needed.
• Escalate threat and IOC details to the Cybersecurity team as needed to implement additional security controls to mitigate threats
• Interface as needed with DHS SOC and SOCs of other agencies or companies.
• Provide threat hunting status reports to stakeholders to incorporate in SOC level reports
• Support ITCSP in efforts related to advancing the maturity level of the threat hunting capabilities of the SOC based upon the DHS defined Maturity Model
• Support annual self-assessment of threat hunting capabilities against the DHS Cybersecurity Services Program (CSP) maturity model, collaborating with the SOC in developing and providing a state of the SOC out brief to ITCSP leadership
• Support threat hunting aspects of formal DHS CSP assessments when scheduled by DHS
• Support threat hunting aspects of Cybersecurity and/or SOC related tabletop exercises
• Perform problem management to identify trending incidents, conduct root-cause analysis, develop solutions and workarounds, escalation of incidents in accordance with Service Level Objective (SLO), and record known problems, solutions, and workarounds in the CMDB

Required Skills & Experience

• Demonstrated proficiency with M365 Defender and Azure Sentinel
• Demonstrated experience leveraging SIEM and other tools to identify threat activity and incidents
• Demonstrated experience in delivering effective written and verbal communication and collaboration skills
• Demonstrated experience in providing Security Operations Center (SOC) support services with accuracy for effected resolution and documentation purposes
• Demonstrated experience in supporting multiple cybersecurity incidents simultaneously
• Demonstrated experience in adapting easily to learning new technologies
• Demonstrated ability to follow written and verbal instructions
• Demonstrated experience with problem solving new incidents without knowledgebase articles
• Demonstrated experience with creating and editing standard operating procedure (SOP) and incident reports
• Able to perform shift work within the following overlapping schedule:

Shift 1: Mon-Fri 0600-1400

Shift 2: Mon-Fri 1200-2000

Professional Certification(s):

At least one of the following or equivalent IT certifications: Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC), Security+

Formal Education:

N/A

Years of Professional Experience:

A minimum of 3 years direct experience providing Security Operations Center (SOC) services, including performing log and event review and incident response

Desired Skills & Experience

Professional Certification(s):

CEH, GSEC

Formal Education:

BS in Information Technology or related discipline

Years of Professional Experience:

N/A

Required Technical/Business Tools Experience

• Azure Sentinel
• M365 Defender

Physical Requirements

• U.S. Citizenship, No dual citizenship
• DHS EOD Eligibility

Additional Information:

Favor TechConsulting (FTC) is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, marital status, disability, veteran status, sexual orientation, or genetic information.

FTC requires all employees to be fully vaccinated as a condition of employment unless legally entitled to an accommodation. If you receive an offer of employment, it will be made contingent upon satisfaction of this requirement, and you will be required to show proof that you are fully vaccinated or to promptly engage in an interactive process to allow Human Resources to evaluate potential reasonable accommodations for valid medical or religious reasons. Please do not provide information about whether you are seeking an exemption from the vaccination requirement unless and until you receive a conditional offer of employment from FTC.

U.S Citizenship is required for this specific opportunity and all selected applicants will be subject to a government security investigation. This includes but is not limited to; meeting the eligibility requirements for access to classified information and the ability to obtain a government-granted security clearance. Individuals may also be subject to a background investigation including, but not limited to; criminal history, employment verification, education verification, drug testing, and creditworthiness.