Lead Cyber Threat Hunter
Tyto Athene, LLC - Arlington, VA
Job Description
Tyto Athene is searching for a Lead Cyber Threat Hunter to support our customer in Arlington, Virginia.

Responsibilities:
- Actively hunt for Indicators of Compromise (IOC) and threat actor Tactics, Techniques, and Procedures (TTP) on the network and on hosts as necessary
- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
- Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate teams
- Collaborate with the SOC and Threat Analysts to contain and investigate major incidents
- Provide simple and reusable hunt tactics and techniques to a team of security engineers, SIEM specialists, and SOC analysts
- Work with leadership and the engineering team to improve and expand available toolsets
- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs

Required:
- Bachelor's degree in Computer Science, Information Technology, or a related field and 8 years of relevant experience, or a Master's degree and 4 years
- Experience with securing and hardening IT infrastructure
- Demonstrated or advanced experience with computer networking and operating systems
- Experience with operational security, including security operations center (SOC), incident response, malware analysis, or IDS and IPS analyses
- Demonstrated proficiency with regular expressions and scripting languages, including Python or PowerShell
- Demonstrated proficiency with data hunting, including ELK, Splunk, Apache Spark, or the AWS stack
- Experience with network hunting, including Bro logs, DNS, Netflow, PCAP, or firewalls and proxies
- Knowledge of Windows and Linux operating systems and their command lines
- Ability to analyze malware, extract indicators, and create signatures in Yara and Snort
- Strong analytical skills and the ability to effectively research, write, communicate, and brief audiences at varying levels, up to and including the executive level
- Knowledge of the current state of cyber adversary tactics and trends
- Knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building
- Knowledge of the TCP/IP networking stack and network IDS technologies

Desired:
- Previous experience working as a cyber threat hunter
- Experience with operational security, including security operations centers (SOC), incident response, digital forensics, and malware analysis
- Experience with major cloud service provider offerings
- Knowledge of offensive security tools and techniques

Clearance: Active Secret clearance required.

Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.

Location: This is an on-site role with the expectation of being on the client site in Arlington, VA five days a week.
Created: 2025-01-14