Security Consultant (DFIR)
Springfield, MA
Our client is looking for a Security Consultant (DFIR) to join their team at a well-known cybersecurity firm.
In this role you will perform incident response and threat hunting-related tasks. You will work with various security solutions including SIEM, EDR, UEBA, and SOAR. This is a heavy Linux/CentOS environment, so Linux experience is required. Familiarity with the MITRE ATT&CK framework and consulting experience are a plus.
This is a hybrid role in Springfield, VA.
Candidates must be U.S. Citizens, must hold an active TS clearance, and must be willing to obtain an SCI clearance.
For a quicker response, please apply directly to this role here: https://cybersn.com/cards/2284/card.html
Responsibilities:
25% Threat Hunting
Develop and enhance threat hunting methodologies and hypotheses
Implement, validate and normalize threat data collection sources
Improve and enhance threat hunting maturity levels
Enhance SIEM threat hunting capabilities
Participate in hunt missions using Threat Hunting Platforms to identify, detect and investigate threats on the enterprise network and/or cloud networks.
Participate in hunting missions using searching techniques to identify, detect and investigate threats on the enterprise network and/or cloud networks.
Participate in hunting missions using searching or clustering techniques to identify, detect and investigate threat actors and advanced adversaries on the enterprise network and/or cloud networks
Attack vectors from the MITRE ATT&CK framework
Perform OSINT collection and threat profile analysis
Research threat actor capabilities and perform threat actor analysis
Current trends and threat landscape
Build and manage threat research and sharing relationships with sector-based Information Sharing and Analysis Centers (ISACs)
Participate in incident response as a member of the CSIRT
20% Incident Response
Respond to incidents involving malware
Respond to network-based attacks
Monitor system events, logfiles and alerts
Perform incident detection
Program and write scripts
20% Security Engineering
Perform infrastructure and cloud security design
Install, maintain, and patch security products
Monitor system events, log files and alerts
Evaluate new security products and solutions
Interact with cloud-based platforms
20% Security Operations
Harden systems for cyber resilience
Research new threats, attack techniques and methods
Participate in business continuity and disaster planning
15% Threat Intel
Collect, review, analyze, process and enrich open source and/or commercial threat datasets
Create and deliver technical alerts, reports, and vulnerability notifications
Gather and record key indicators and information about threat campaigns and infrastructure
Prepare assessments and cyber threat profiles of current events based on collection, research and analysis of open source information
Provide intelligence support during incident response and forensic security investigations
Process and enrich information to ensure timely, actionable, high-confidence IOCs are ingested and shareable
Conduct technical analysis based upon industry accepted threat intelligence analytical frameworks, tools, and standards
Develop and maintain threat profiles and the associated tactics, techniques, and procedures used to infiltrate computer networks
Apply technical knowledge of security architectures, tools and controls to proactively detect, mitigate, and resolve advanced cyberattacks and/or threats.
Requirements:
Must actively hold a TS clearance and be willing to obtain an SCI.
5+ years of experience in incident response and threat hunting.
Hands-on experience with security solutions including SIEM, EDR, UEBA, and SOAR.
Must have extensive command line experience with Linux.
Why CyberSN?
CyberSN is the Cybersecurity Jobs and Career Marketplace. From online matching to full-service recruitment, CyberSN provides professionals and hiring teams with the expertise, information, tools, connections, and services they need to maximize career success, job satisfaction, team performance, diversity, and retention.