Talent.com

Senior Threat Hunter

cFocus Software Incorporated, Washington, DC, US
30+ days ago
Job type
  • Full-time
Job description

cFocus Software seeks a Threat Hunter to support the Administrative Offices of the United States Courts (AOUSC) in Washington, DC. This position will require 4 days a week onsite at the Thurgood Marshall Building and 1 day remote, with hours of 8am-4:30pm.

Required Qualifications include:

  • Ability to obtain a Public Trust
  • 5 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
  • 5 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security
  • 5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g., CrowdStrike) and custom scripts (e.g., Sysmon & Auditd)
  • 5 years of experience with the following threat hunting tools: Microsoft Sentinel for threat hunting within Microsoft Azure; Tenable Nessus and SYN/ACK for vulnerability management; NetScout for analyzing network traffic flow; SPUR.us enrichment of addresses; Mandiant Threat intel feeds
  • Must be able to work 80% (Monday thru Thursday) onsite at the AOUSC office in Washington, DC
  • One of the following certifications: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Continuous Monitoring (GMON), GIAC Defending Advanced Threats (GDAT), or Splunk Core Power User

Duties and Responsibilities:

  • Provide incident response services after an incident is declared, and provide a service that proactively searches for security incidents that would not normally be detected through automated alerting.
  • The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity, based on the assumption that the adversary is already present in the judicial fabric.
  • The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations / vulnerabilities, and identify visibility / detection gaps, if any.
  • Human analytical thinking is imperative to the primary and extended missions, as it is up to the threat hunter to find signs of an intrusion that have bypassed the automatic detection process that may already be in place.
  • Accept and respond to government technical requests for threat hunt support through the AOUSC ITSM ticket (e.g., HEAT or ServiceNow).
  • Threat hunt targets include cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
  • Review and analyze risk-based Security Information and Event Management (SIEM) alerts when developing hunt hypotheses.
  • Review open-source intelligence about threat actors when developing hunt hypotheses.
  • Plan, conduct, and document iterative, hypothesis-based tactics, techniques, and procedures (TTP) hunts utilizing the Agile Scrum project management methodology.
  • At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
  • Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Interface with IT contacts at the court or vendor to install or diagnose problems with EDR agents.
  • Participate in government-led after action reviews of incidents.
  • Triage malware events to identify the root cause of specific activity.
  • Attend daily Agile Scrum standups and report progress on assigned Jira stories.