Cyber Threat Hunt Subject Matter Expert
Company: ManTech International Corporation
Location: Rockville
Posted on: January 16, 2023
Job Description:
Secure our Nation, Ignite your Future

Can you protect and defend the most coveted targets in the world to ensure the safety of information systems assets and protect systems from intentional or inadvertent access or destruction? Join ManTech and help protect our national security while working on innovative projects that offer opportunities for advancement. We encourage our team members to share and grow their skills and expertise while creating robust and state-of-the-art solutions.

Join our Adversarial Pursuit team as a Cyber Threat Hunt Subject Matter Expert (SME) on this Agency-level Cyber Security support contract. Help strengthen an established unit of elite cyber defense experts by advising on strategic vision and tactical implementation to protect our customer's varied networks from all enemies.

Responsibilities include, but are not limited to:
- Provide strategic and tactical direction to cyber hunters and leadership based on trends and actionable intelligence related to threat capabilities
- Coordinate hunt activities between various internal and external hunt groups
- Construct and exploit threat intelligence to detect, respond to, and defeat advanced persistent threats (APTs)
- Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
- Build fly-away kits utilizing an agile approach to identify the appropriate tools and technologies necessary to conduct hunt missions
- Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the enterprise
- Create and add custom signatures to mitigate highly dynamic threats to the enterprise using the latest threat information obtained from multiple sources
- Perform malware analysis on samples obtained during the course of an investigation or hunt operation in order to create custom signatures
- Develop and produce reports on all activities and incidents to help maintain day-to-day status, develop and report on trends, and provide focus and situational awareness on all issues
- Piece together intrusion campaigns, threat actors, and nation-state organizations
- Manage, share, and receive intelligence on APT adversary groups
- Generate intelligence from their own data sources and share it accordingly
- Identify, extract, and leverage intelligence from APT intrusions
- Expand upon existing intelligence to build profiles of adversary groups
- Leverage intelligence to better defend against and respond to future intrusions
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs
- Notify the management team of significant changes in the security threat against the government networks in a timely manner and in writing via established reporting methods
- Coordinate with appropriate organizations within the intelligence community regarding possible security incidents. Conduct intra-office research to evaluate events as necessary; maintain the current list of coordination points of contact.
- Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event
- Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary

Required Experience/Skills:
- Minimum of 10 years of progressively responsible experience in Computer Science, Cyber Security, Security Engineering, or Network Engineering with emphasis in cyber security issues and operations, computer incident response, systems architecture, and data management; or 4 additional years of experience in lieu of degree
- Expert analytical and problem-solving skills
- Demonstrated experience working on nation-state intrusion sets

The ideal candidate will have expert-level experience in one or more of the following disciplines:
- Windows and/or Linux operating systems
- Network forensics
- Demonstrated ability using, at enterprise scale, SysMon or EDR solutions for host-based Cyber Threat Hunting, or Netflow/pcap or NDR solutions for network-oriented Cyber Threat Hunting
- Malware analysis/reverse engineering
- Exploit development
- On-net pursuit/response

Required Tools:
Familiarity with the following classes of enterprise cyber defense technologies:
- Security Information and Event Management (SIEM) systems
- Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
- Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
- Network and Host malware detection and prevention (NDR/EDR)
- Network and Host forensic applications
- Web/Email gateway security technologies
- Security Orchestration, Automation, and Response (SOAR)

Required Certifications:
- CISSP or CEH
- DoD 8570 IAT Level III or CSSP-SPM

Required Degree:
BS (bachelor's degree in electrical engineering, computer engineering, computer science, or other closely related IT discipline)

Security Requirements:
TS/SCI with Poly

5.24.IGLB.JD.22

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer; minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access