Cyber Threat Hunter (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Cyber Threat Hunter (Cybersecurity): Proactively identifying and investigating security anomalies across cloud and on-premise environments with an accent on hypothesis-based threat hunting and incident response. Focus on utilizing Splunk, EDR tools, and agile methodologies to detect sophisticated threat actor activity within the US Courts judicial fabric.
Location: Must be based in Washington, DC; 80% onsite (Monday-Thursday) required.
Company
is a technology services provider supporting government agencies and judicial programs.
What you will do
- Conduct hypothesis-based threat hunts to identify anomalies indicative of threat actor activity.
- Perform incident response activities and triage malware events to determine root causes.
- Develop and document custom detection logic and Splunk searches for automated threat detection.
- Configure, deploy, and troubleshoot EDR agents like CrowdStrike and Sysmon.
- Manage and document cyber defense incidents from initial detection through final resolution.
- Participate in daily Agile Scrum standups and report progress via Jira.
Requirements
- 5+ years of experience in threat hunting and incident response for cloud and non-cloud environments.
- 5+ years of experience utilizing Splunk Enterprise Security for queries and look-up tables.
- 5+ years of experience with EDR agents (CrowdStrike) and custom scripts (Sysmon, Auditd).
- Proficiency with Microsoft Azure, O365, Active Directory, and Zscaler.
- Must be able to work 80% onsite at the AOUSC office in Washington, DC.
- Experience with vulnerability management and network traffic analysis tools.
Nice to have
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Continuous Monitoring (GMON)
- GIAC Defending Advanced Threats (GDAT)
- Splunk Core Power User certification
Culture & Benefits
- Support for critical US government judicial infrastructure.
- Agile-driven project environment.
- Opportunity to work with advanced security intelligence feeds and tools.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →