Cyber Hunt & Incident Response Analyst

Perform analysis, monitor open source, leverage tools, forensics, write and publish CND reports, utilize data, correlate data
Full Time, 3 yr + option
Work from home not available
Travel not required

Job Description

  • Perform analysis on hosts running on a variety of platforms and operating systems, including but not limited to Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
  • Monitor open source channels (e.g., vendor sites, Computer Emergency Response Teams, the SysAdmin, Audit, Network, and Security (SANS) Institute, SecurityFocus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro (now Zeek) as part of duties performing cyber incident response analysis.
  • Track and document CND hunts and incidents from initial detection through final resolution.
  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use the discovered data to enable mitigation of potential CND incidents within the enterprise.
  • Perform forensically sound collection of images and inspect them to determine possible mitigation/remediation on enterprise systems.
  • Perform real-time CND hunt and incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Hunt and Incident Response Teams (IRTs).
  • Write and publish CND guidance and reports (e.g., engagement reports) on incident findings to the appropriate constituencies.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Utilize data analytics tools, including Splunk, to make sense of machine data in performing these responsibilities.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • May be required to travel up to 25% of time.


Minimum Qualifications:

  • Bachelor’s degree in a technical discipline with a minimum of 3 years related technical experience.
  • Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (Entry on Duty, EOD) for continued employment.
  • Familiar with network analytics, including NetFlow/PCAP analysis.
  • Understanding of cyber forensics concepts including malware, hunt, etc.
  • Understanding of how both Windows and Linux systems are compromised.


Preferred Qualifications:

  • DHS Suitability at the SCI level
  • Experience using Splunk for system data analytics and monitoring strongly preferred.
  • Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
  • A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.

Posted By

Windy Fields

McLean, VA, 22102

Dice Id: 10335432
Position Id: 832894
