Overview
On Site
0 to 0
Full Time
No Travel Required
Skills
Threat Hunting Forensics
Security
Windows
Firewalls
Active Directory
Microsoft 365
Azure
Job Details
Description:
Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support.
BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions. We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce.
We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.
JOB SUMMARY:
Business Operational Concepts (BOC) is currently seeking a seeking a Cyber Threat Intelligence Analyst to work with our federal client. The ideal candidate will serve as a Cyber Threat Intelligence Analyst within the federal clients Cybersecurity Division Cyber Integration Center. A highly motivated individual with strong technical, communication, and organizational skills will succeed on this program.
The mission of the federal clients Cyber Threat Intelligence (CTI) program is to produce and deliver relevant, accurate, and timely curated information (cyber threat intelligence) so that the federal client can proactively implement countermeasures to better inoculate itself from potential cyber threats. The CTI Team gathers information on adversarial behaviors and tactics, including indicator of compromise (IOC) and tactics, techniques, and procedures (TTP) lists and provides this information to the clients threat hunting team, as well as the SOC and other organizations where applicable. In addition to gathering information on current threats, the CTI team also configures and maintains a consistent ingestion of IOCs into the federal clients SIEM for detection and analytical purposes.
DUTIES AND RESPONSIBILITIES:
* Perform research using open-source and classified Cyber Threat Intelligence sources to identify and track Advanced Persistent Threats (APT), malware packages, and exploitable vulnerabilities. Identify and prepare profiles on any threats or topics that are applicable to the client.
* Provide the in-house Threat Hunting & Forensics (THF) Team with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and other background information about threats relevant to the client.
* Assist the THF Team and the clients Security Operations Center (SOC) in the development of new and specific detection techniques for the profiled threats.
* Notify appropriate stakeholders of items of concern, such as unpatched vulnerabilities, attack surface exposures, and other threats discovered in the research process.
* Ongoing maintenance of the Cyber Threat Intelligence SOP to revise processes and reporting methods.
* Maintain consistent awareness to industry trends and topics, including available cyber security intelligence tools, blog posts, and news postings. This will also include monitoring of various social media platforms for any emerging threats, as well as contra-reputational information posted about the client.
* Prepare professional written deliverables and oral presentations for the clients senior leadership on profiles, threats, metrics and trends as required.
* Adapt to dynamically changing priorities, based on severity of threats, leadership requests, or sources of information.
* Cultivate professional relationships with other organizations, internal departments, and stakeholders, exchanging information and findings as appropriate.
* Process controlled information reports from CISA as required.
* Develop a proactive method of monitoring Darknet sources for information which may indicate a threat or item of concern for the client.
* Monitor and maintain a cloud-based MISP installation, indicator ingestion, and evaluate new threat feeds for MISP.
* Evaluate any new threat intelligence tools, retail or open source, that may be of benefit to the client.
* Track work progress and metrics using Azure DevOps.
* Cross-train with related teams, including THF Team, SOC, and Penetration Testing Team
Requirements:
QUALIFICATIONS:
Required (Minimum) Qualifications Education, Certification, Experience, and Skills
* High School or GED-General Educational Development-GED Diploma
* Bachelors degree in computer science or equivalent is preferred
* Minimum of five years hands-on experience
* Understanding of basic computer and networking technologies
* Windows operating systems
* Networking technologies (routing, switching, VLANs, subnets, firewalls)
* Common networking protocols SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
* Common enterprise technologies Active Directory, Group Policy, and the Microsoft Azure suite of services.
* Understanding of current system logging technology and retrieving information from a plethora of platforms.
* Ability to work with or learn Microsoft Power BI.
* Ability to obtain and maintain Public Trust Security Clearance.
* Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.
* Grasp of CTI Concepts:
* Intelligence methods, frameworks, and standards
* Practical knowledge of researching, collection skills, and analytical methods
* Tracking threat actors and researching their TTPs
* Open and closed-source intelligence
* CTI-focused products, platforms, and technologies
* Using commercial and open-source platforms, such as including Shodan, Censys, or similar
* Excellent analytical and problem-solving skills. The preferred candidate should have the ability to work independently, but also to work as part of a team.
* The ideal candidate will have an above the minimum attitude.
* Outstanding communication skills, both written and verbal, are a must. Ability to communicate with senior management and federal client staff both technical and non-technical in a clear and concise manner using proper spelling, punctuation, and grammar.
* Strong to expert proficiency in Microsoft Office 365 products and features of each.
* Familiarity with the Microsoft Azure suite of products including Microsoft Sentinel and Microsoft 365 Defender.
* The ability to rapidly shift priorities efficiently is a necessary skill for this position.
* Ability to speak publicly within the organization at meetings with up to 100 participants.
* Willingness to take on and adapt to new, open-ended tasks for which there is no current standard operating procedure.
* Ability to research independently and self-teach.
Preferred Qualifications Education, Certification, Experience, Skills, Knowledge, and Abilities
* Interest in security/hacking culture. Ability to think like an attacker
* Any CTI certification, especially:
* SANS: GIAC Cyber Threat Intelligence (GCTI)
* CREST Practitioner Threat Intelligence Analyst (CPTIA) or higher
* Center for TI: Certified Threat Intelligence Specialist I (CTIS-I) or higher
* Any Microsoft Azure certification, especially:
* Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
* Microsoft Certified: Security Operations Analyst Associate (SC-200)
* Microsoft Certified: Azure Fundamentals (AZ-900)
* Microsoft Certified: Azure Security Engineer Associate (AZ-500)
* Expertise in Microsoft Power BI
* Knowledge of technologies, policies, and concepts such as:
* Microsoft Sentinel SIEM
* Kusto Query Language (KQL)
* Malware Information Sharing Platform (MISP) administration
* Database technologies (MySQL) for MISP maintenance
* Linux and Docker for MISP maintenance
* IBM Mainframe
* Mobile device technologies (iOS, Android)
* Scripting experience (PowerShell, Python, etc.)
* Firewall and endpoint protection administration
* Azure DevOps
* NIST and CISA requirements and auditing
* Vulnerability management
Business Operational Concepts, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support.
BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions. We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce.
We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.
JOB SUMMARY:
Business Operational Concepts (BOC) is currently seeking a seeking a Cyber Threat Intelligence Analyst to work with our federal client. The ideal candidate will serve as a Cyber Threat Intelligence Analyst within the federal clients Cybersecurity Division Cyber Integration Center. A highly motivated individual with strong technical, communication, and organizational skills will succeed on this program.
The mission of the federal clients Cyber Threat Intelligence (CTI) program is to produce and deliver relevant, accurate, and timely curated information (cyber threat intelligence) so that the federal client can proactively implement countermeasures to better inoculate itself from potential cyber threats. The CTI Team gathers information on adversarial behaviors and tactics, including indicator of compromise (IOC) and tactics, techniques, and procedures (TTP) lists and provides this information to the clients threat hunting team, as well as the SOC and other organizations where applicable. In addition to gathering information on current threats, the CTI team also configures and maintains a consistent ingestion of IOCs into the federal clients SIEM for detection and analytical purposes.
DUTIES AND RESPONSIBILITIES:
* Perform research using open-source and classified Cyber Threat Intelligence sources to identify and track Advanced Persistent Threats (APT), malware packages, and exploitable vulnerabilities. Identify and prepare profiles on any threats or topics that are applicable to the client.
* Provide the in-house Threat Hunting & Forensics (THF) Team with Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and other background information about threats relevant to the client.
* Assist the THF Team and the clients Security Operations Center (SOC) in the development of new and specific detection techniques for the profiled threats.
* Notify appropriate stakeholders of items of concern, such as unpatched vulnerabilities, attack surface exposures, and other threats discovered in the research process.
* Ongoing maintenance of the Cyber Threat Intelligence SOP to revise processes and reporting methods.
* Maintain consistent awareness to industry trends and topics, including available cyber security intelligence tools, blog posts, and news postings. This will also include monitoring of various social media platforms for any emerging threats, as well as contra-reputational information posted about the client.
* Prepare professional written deliverables and oral presentations for the clients senior leadership on profiles, threats, metrics and trends as required.
* Adapt to dynamically changing priorities, based on severity of threats, leadership requests, or sources of information.
* Cultivate professional relationships with other organizations, internal departments, and stakeholders, exchanging information and findings as appropriate.
* Process controlled information reports from CISA as required.
* Develop a proactive method of monitoring Darknet sources for information which may indicate a threat or item of concern for the client.
* Monitor and maintain a cloud-based MISP installation, indicator ingestion, and evaluate new threat feeds for MISP.
* Evaluate any new threat intelligence tools, retail or open source, that may be of benefit to the client.
* Track work progress and metrics using Azure DevOps.
* Cross-train with related teams, including THF Team, SOC, and Penetration Testing Team
Requirements:
QUALIFICATIONS:
Required (Minimum) Qualifications Education, Certification, Experience, and Skills
* High School or GED-General Educational Development-GED Diploma
* Bachelors degree in computer science or equivalent is preferred
* Minimum of five years hands-on experience
* Understanding of basic computer and networking technologies
* Windows operating systems
* Networking technologies (routing, switching, VLANs, subnets, firewalls)
* Common networking protocols SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
* Common enterprise technologies Active Directory, Group Policy, and the Microsoft Azure suite of services.
* Understanding of current system logging technology and retrieving information from a plethora of platforms.
* Ability to work with or learn Microsoft Power BI.
* Ability to obtain and maintain Public Trust Security Clearance.
* Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.
* Grasp of CTI Concepts:
* Intelligence methods, frameworks, and standards
* Practical knowledge of researching, collection skills, and analytical methods
* Tracking threat actors and researching their TTPs
* Open and closed-source intelligence
* CTI-focused products, platforms, and technologies
* Using commercial and open-source platforms, such as including Shodan, Censys, or similar
* Excellent analytical and problem-solving skills. The preferred candidate should have the ability to work independently, but also to work as part of a team.
* The ideal candidate will have an above the minimum attitude.
* Outstanding communication skills, both written and verbal, are a must. Ability to communicate with senior management and federal client staff both technical and non-technical in a clear and concise manner using proper spelling, punctuation, and grammar.
* Strong to expert proficiency in Microsoft Office 365 products and features of each.
* Familiarity with the Microsoft Azure suite of products including Microsoft Sentinel and Microsoft 365 Defender.
* The ability to rapidly shift priorities efficiently is a necessary skill for this position.
* Ability to speak publicly within the organization at meetings with up to 100 participants.
* Willingness to take on and adapt to new, open-ended tasks for which there is no current standard operating procedure.
* Ability to research independently and self-teach.
Preferred Qualifications Education, Certification, Experience, Skills, Knowledge, and Abilities
* Interest in security/hacking culture. Ability to think like an attacker
* Any CTI certification, especially:
* SANS: GIAC Cyber Threat Intelligence (GCTI)
* CREST Practitioner Threat Intelligence Analyst (CPTIA) or higher
* Center for TI: Certified Threat Intelligence Specialist I (CTIS-I) or higher
* Any Microsoft Azure certification, especially:
* Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
* Microsoft Certified: Security Operations Analyst Associate (SC-200)
* Microsoft Certified: Azure Fundamentals (AZ-900)
* Microsoft Certified: Azure Security Engineer Associate (AZ-500)
* Expertise in Microsoft Power BI
* Knowledge of technologies, policies, and concepts such as:
* Microsoft Sentinel SIEM
* Kusto Query Language (KQL)
* Malware Information Sharing Platform (MISP) administration
* Database technologies (MySQL) for MISP maintenance
* Linux and Docker for MISP maintenance
* IBM Mainframe
* Mobile device technologies (iOS, Android)
* Scripting experience (PowerShell, Python, etc.)
* Firewall and endpoint protection administration
* Azure DevOps
* NIST and CISA requirements and auditing
* Vulnerability management
Business Operational Concepts, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.