Cybervance, Inc.

Mid-Level Cyber Threat Hunter, Forensics Analyst

full-time

Location: Washington • 🇺🇸 United States

Job Level

Mid-Level · Senior

Tech Stack

Android, Azure, Cloud, Cyber Security, DNS, iOS, Linux, Python, SMTP, Splunk, SQL, TCP/IP

About the role

  • Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM).
  • Perform hypothesis-based or intelligence-based cyber threat hunts to identify threats and risks within environments.
  • Use cloud-native techniques and methods to identify and create threat detections for automated response activities.
  • Use Agile methodology to organize intelligence, hunts, and project status.
  • Independently research intelligence reports to find actionable data for conducting intel or hypothesis-based hunts.
  • Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
  • Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion.
  • Confirm what is known about an intrusion and discover new information via dynamic analysis.
  • Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes.
  • Provide a technical summary of findings in accordance with established reporting procedures.
  • Ensure that chain of custody is maintained for all digital media acquired, in accordance with the Federal Rules of Evidence.
  • Recognize and accurately report forensic artifacts indicative of a particular operating system.
  • Extract data using data carving techniques (e.g., Forensic Toolkit [FTK], Foremost).
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Create detections and automation to detect, contain, eradicate, and recover from security threats.
  • Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
  • Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs and TTPs.
  • Conduct proactive hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.

Requirements

  • Bachelor’s degree or higher.
  • 5+ years of experience performing cyber threat hunting and forensics support for incident response.
  • Certifications covering one or more of the following: identification of malicious system and user activity; incident response in an enterprise environment; timeline artifact analysis, collection, and processing; volatile data collection; analysis and profiling of systems and devices; analysis of file and program activity; acquisition, preparation, and preservation of digital evidence; analysis of user communications; advanced IDS concepts; application protocols; TCP/IP and link-layer concepts; DNS; fragmentation; IDS fundamentals and initial deployment (e.g., Snort, Bro); IDS rules (e.g., Snort, Bro); IPv6; network architecture and event correlation; network traffic analysis and forensics; or packet engineering.
  • Active Secret clearance or higher.
  • Strong written and verbal communication skills.
  • Solid knowledge of TCP/IP networking and network services such as DNS, SMTP, and DHCP.
  • Solid understanding of attacker tradecraft associated with email, app-based, and cloud threats, and the ability to apply defensive tactics to protect against them.
  • Good knowledge of operating system internals and OS security mitigations, and an understanding of the security challenges in Windows, Linux, Mac, Android, and iOS platforms.
  • Experience using forensic tools (e.g., EnCase, Sleuthkit, FTK).
  • Ability to perform deep analysis of captured malicious code (e.g., malware forensics).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injection and other injection flaws, race conditions, covert channels, replay, return-oriented attacks, malicious code).
  • Ability to combine agile, threat intelligence-driven or hypothesis-based threat hunting with the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.
  • Ability to analyze memory dumps to extract information.
  • Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
  • Some exposure to Python, PowerShell, or Bash. (Preferred)
  • Proficiency in using query languages used in popular SIEM products (Splunk, Sentinel). (Preferred)
  • Experience with producing finished intelligence content on threat actors and attacker techniques, including written reports, presentations, and visuals covering attribution, threat detection and hunting guidance, and remediation recommendations. (Preferred)
  • Experience conducting non-attributable research and conducting research using the deep web. (Preferred)
  • Preserve evidence integrity according to standard operating procedures or national standards.