Tyto Athene, LLC

Cyber Threat Analyst

Full-time

Location Type: Hybrid

Location: Washington, District of Columbia, United States

About the role

  • Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) on the network and on hosts as necessary
  • Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
  • Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team
  • Collaborate with the SOC and Threat Analysts to contain and investigate major incidents
  • Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
  • Work with leadership and the engineering team to improve and expand available toolsets
  • Analyze network perimeter data (flow, packet filtering, proxy firewalls, and IDS/IPS) to create and implement a concrete plan of action that hardens the defensive posture
  • Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs

Requirements

  • 10 years of general experience and 8 years of relevant Cybersecurity experience
  • Experience with securing and hardening IT infrastructure
  • Demonstrated or advanced experience with computer networking and operating systems
  • Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses
  • Demonstrated proficiency with regular expression and scripting languages, including Python or PowerShell
  • Demonstrated proficiency with data hunting platforms, including the Elastic (ELK) stack, Splunk, Apache Spark, or the AWS stack
  • Familiarity with: Netflow data, DNS logs, Proxy Logs
  • Experience with network hunting, including Bro (now Zeek) logs, Netflow, PCAP, or Palo Alto firewalls and proxies
  • Knowledge of Windows and Linux operating systems and their command lines
  • Ability to analyze malware, extract indicators, and author Yara and Snort signatures and IOCs from the results
  • Strong analytical skills and the ability to research, write, communicate, and brief audiences at all levels, including executives
  • Knowledge related to the current state of cyber adversary tactics and trends
  • Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building
  • Knowledge of the TCP/IP networking stack and network IDS technologies
  • Bachelor’s Degree in CS-related field preferred
  • Certifications desired: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP

Benefits

  • Health/Dental/Vision
  • 401(k) match
  • Paid Time Off
  • STD/LTD/Life Insurance
  • Referral Bonuses
  • Professional development reimbursement
  • Parental leave