SAIC has an opening for a Threat Hunter. This role is 100% remote nationwide.
The Cyber Security Threat Hunter Principal position will conduct proactive threat hunting and research to detect and respond to threat actors, develop new detection methodologies, and provide skilled support to incident response and monitoring functions. The responsibilities of the Threat Hunter include detecting, disrupting and eliminating the presence of threat actors on enterprise networks. The Threat Hunter will use data analytics, critical threat intelligence, and the latest security technologies. They will also support the Cybersecurity Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response.
The position requires the individual to be highly knowledgeable about a number of security technologies, to have a solid understanding of information security and networking, and to have comprehensive experience interacting with customers. The individual will be able to engage on tasks independently, document and communicate work efforts, and provide expert-level technical support and threat intelligence development on an enterprise scale.
The position will work with ESOC Cyber Security Analysts to review and evaluate threat intelligence and adjust the security monitoring and identification processes, providing the best possible security solution to protect the environment.
- Conduct advanced threat hunt operations using known adversary TTPs and indicators of attack in order to detect adversaries with persistent access to the enterprise
- Construct and utilize open source and classified threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
- Identify, extract, and leverage intelligence from APT intrusions
- Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
- Create and add custom signatures to mitigate highly dynamic threats to the enterprise using the latest threat information obtained from multiple sources
- Correlate data from multiple security log sources such as: EDR, IDS, Firewall, Web server, Host OS, and DNS
- Notify the management team of significant changes in the security threat against the network environment in a timely manner and in writing via established reporting methods
- Coordinate with appropriate organizations within the intelligence community regarding possible security incidents; conduct intra-office research to evaluate events as necessary and maintain the current list of coordination points of contact
- Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event
- Perform Computer Security Incident Response activities for a large organization; coordinate with other government agencies to record and report incidents
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough review and analysis of relevant event detail and summary information
- Communicate alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems
- Assist with implementation of counter-measures or mitigating controls
- Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans, to determine compliance
- Prepare incident reports of analysis methodology and results
- Maintain current knowledge of relevant technology as assigned
- Participate in special projects as required
- Collaborate with the global security operations teams to provide targeted threat hunting reports on a regular cadence.
- Contribute to the development of policies, standards and guidelines for incident response
- Correlate threat intelligence with active attacks and vulnerabilities within the enterprise
- Monitor and analyze security events and identify trends, attacks, and potential threats
- Research and test new threat hunting tools and techniques
- Track work effectively
- Create and maintain documentation related to threat hunting
- Engage application and infrastructure teams to establish best practices for utilizing data and visualizations
- Mentor members of the technical staff to support and assist in threat intel activities
- Maintain regulatory awareness and compliance
- Responsible for meeting all SLA requirements
- Perform documentation review and improvement
- Attend meetings as needed
- Participate in knowledge sharing
- Additional responsibilities will include training, mentoring, and providing oversight to the SOC analyst team
- Support shift rotation, including weekends and holidays of a 24/7 operation
- Bachelor's degree and nine (9) years or more of experience; Master's degree and seven (7) years or more of experience; PhD or JD and four (4) years or more of experience
- Must possess Security+, CISSP, or OSCP certification
- Must have a minimum of 5 years combined experience from Threat Hunting and Incident Response
- Must have the ability to obtain a Secret Clearance
- Detailed knowledge of the threat intelligence data gathering processes
- Working knowledge of security architectures and devices
- Working knowledge of threat intelligence consumption and management
- Working knowledge of root causes of malware infections and proactive mitigation
- Working knowledge of lateral movement, footholds, and data exfiltration techniques
- Experience with NetFlow or PCAP analysis
- Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001/27002)
- Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines
- Can-do attitude
- Self-motivated and quick-learner
- Excellent communication skills both verbal and written
- Ability to create internal and customer-oriented documentation
- Ability to complete tasks on time, unsupervised
- Ability to anticipate problems and develop effective solutions
- Willing to be hands-on and work at tasks outside of normal duties if needed to support management objectives
- Experience working with Windows and Linux operating systems
- Excellent project and time management skills
- Ability to multitask and solve complex technical problems
- First-hand experience in identifying and eradicating APT intrusions
- One or more of the following certifications: OSCP, GCTI, GCIH, GCIA, GCFE, GCFA, GREM, CEH
- Currently possess Secret Clearance or higher
- Experience using both EDR and SIEM technologies in threat hunting and IR processes
- 10+ years in Cyber Security and IT
- Proficiency with Python and PowerShell
- Experience creating Snort and YARA rules
- Experience consuming and creating Threat Intelligence using STIX 2.0 format
- Previous experience working in large scale environments with diverse technologies
- Familiarity with writing shell scripts to automate administration functions to parse files
- Experience with integrating solutions in a multi-vendor environment
- Experience with enterprise-scale operations and maintenance environments
- Experience with various security tools, including Splunk, Wireshark, Nessus, Nmap, Burp Proxy, or Snort
- Experience working in a multi-server environment
Target salary range: $75,001 - $100,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partners' ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.