Edgewater Federal Solutions
Threat Hunter
Edgewater Federal Solutions, Bethesda, Maryland, us, 20811
Threat Hunter
Job Locations
US-MD-Bethesda
ID
2024-3464
Category
Information Technology
Type
Full Time
Overview
Edgewater Federal Solutions is currently seeking a Mid-Level Threat Hunter to provide threat hunting expertise and support to maximize cyber fusion throughout the Client's SOC, ensuring the Client's infrastructure and operations remain safe and secure from the full spectrum of cyber threats. The Mid-Level Threat Hunter will support Client SOC teams by providing industry-leading threat hunt support to ongoing and significant incidents as well as by engaging in proactive, hypothesis-driven hunts for threats assumed to already be in the Client environment who may have evaded existing detections. Additionally, the Mid-Level Threat Hunter must be skilled in related disciplines including incident response, forensics, and malware analysis, and be able to integrate these skills to assist in the closure of cybersecurity incidents.Responsibilities
Respond to crisis or urgent situations to mitigate immediate and potential threats.
Investigate and analyze all relevant response activities, identifying and assessing the capabilities and activities of the full spectrum of cyber threats.Review and analyze risk-based Security Information and Event Management (SIEM) alerts to develop hunt hypotheses.Utilize open-source intelligence to inform hunt hypothesis development.Propose, discuss, and document custom searches for automated detection of threat actor activity based on hunt findings.Track and document cybersecurity incidents from detection to resolution.Participate in government-led after-action reviews of incidents.Triage malware events to identify the root cause of specific activity.Provide computer forensic support to high technology investigations, including evidence seizure, computer forensic analysis, and data recovery.Conduct malware analysis in out-of-band environments, including static and dynamic analysis of complex malware.Monitor and assess complex security devices for patterns and anomalies, tagging events for Tier 1 & 2 monitoring.Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., Crowdstrike and Sysmon).Collect and analyze data from compromised systems using EDR agents and custom scripts.Interface with IT contacts to install or diagnose problems with EDR agents.Plan, conduct, and document iterative, hypothesis-based hunts using the Agile Scrum project management methodology.Attend daily Agile Scrum standups and report progress on assigned Jira stories.Support the development of Deliverables including Hunt Hypotheses, Hunt Reports, Detection Logic, and Incident Reports.Qualifications
Minimum of 5 years of experience in cybersecurity threat hunting or incident response roles.Proficiency with threat hunting methodologies, tools, and techniques.Experience with IT Service Management ticketing systems (HEAT or ServiceNow preferred).Strong understanding of cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers.Familiarity with Security Information and Event Management (SIEM) systems.Expert knowledge of Splunk ES and strong familiarity with Splunk SOAR.Knowledge of Agile Scrum project management methodology.Experience with Endpoint Detection and Response (EDR) agents such as Crowdstrike.Ability to conduct malware analysis, including static and dynamic analysis.Excellent communication and teamwork skills.Must possess at least ONE (NOT all) of the stated certifications:GCIAGCIHGSECGMONSecurity+Certified Splunk Core Power UserBachelor's degree in computer science, computer engineering, software engineering, cybersecurity, or related field.For badging purposes, US citizenship is required.Salary:
$135,000 - $140,000Additional benefits include:Paid Time Off & Holiday PayMedical InsuranceDental InsuranceVision InsuranceDisability, Life Insurance, and AD&DFlexible Spending AccountsPre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)Tuition and Technical Training ReimbursementExercise ReimbursementComputer ReimbursementEmployee Assistance ProgramAbout Us:Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law.
Job Locations
US-MD-Bethesda
ID
2024-3464
Category
Information Technology
Type
Full Time
Overview
Edgewater Federal Solutions is currently seeking a Mid-Level Threat Hunter to provide threat hunting expertise and support to maximize cyber fusion throughout the Client's SOC, ensuring the Client's infrastructure and operations remain safe and secure from the full spectrum of cyber threats. The Mid-Level Threat Hunter will support Client SOC teams by providing industry-leading threat hunt support to ongoing and significant incidents as well as by engaging in proactive, hypothesis-driven hunts for threats assumed to already be in the Client environment who may have evaded existing detections. Additionally, the Mid-Level Threat Hunter must be skilled in related disciplines including incident response, forensics, and malware analysis, and be able to integrate these skills to assist in the closure of cybersecurity incidents.Responsibilities
Respond to crisis or urgent situations to mitigate immediate and potential threats.
Investigate and analyze all relevant response activities, identifying and assessing the capabilities and activities of the full spectrum of cyber threats.Review and analyze risk-based Security Information and Event Management (SIEM) alerts to develop hunt hypotheses.Utilize open-source intelligence to inform hunt hypothesis development.Propose, discuss, and document custom searches for automated detection of threat actor activity based on hunt findings.Track and document cybersecurity incidents from detection to resolution.Participate in government-led after-action reviews of incidents.Triage malware events to identify the root cause of specific activity.Provide computer forensic support to high technology investigations, including evidence seizure, computer forensic analysis, and data recovery.Conduct malware analysis in out-of-band environments, including static and dynamic analysis of complex malware.Monitor and assess complex security devices for patterns and anomalies, tagging events for Tier 1 & 2 monitoring.Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., Crowdstrike and Sysmon).Collect and analyze data from compromised systems using EDR agents and custom scripts.Interface with IT contacts to install or diagnose problems with EDR agents.Plan, conduct, and document iterative, hypothesis-based hunts using the Agile Scrum project management methodology.Attend daily Agile Scrum standups and report progress on assigned Jira stories.Support the development of Deliverables including Hunt Hypotheses, Hunt Reports, Detection Logic, and Incident Reports.Qualifications
Minimum of 5 years of experience in cybersecurity threat hunting or incident response roles.Proficiency with threat hunting methodologies, tools, and techniques.Experience with IT Service Management ticketing systems (HEAT or ServiceNow preferred).Strong understanding of cloud-based and non-cloud-based applications such as Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers.Familiarity with Security Information and Event Management (SIEM) systems.Expert knowledge of Splunk ES and strong familiarity with Splunk SOAR.Knowledge of Agile Scrum project management methodology.Experience with Endpoint Detection and Response (EDR) agents such as Crowdstrike.Ability to conduct malware analysis, including static and dynamic analysis.Excellent communication and teamwork skills.Must possess at least ONE (NOT all) of the stated certifications:GCIAGCIHGSECGMONSecurity+Certified Splunk Core Power UserBachelor's degree in computer science, computer engineering, software engineering, cybersecurity, or related field.For badging purposes, US citizenship is required.Salary:
$135,000 - $140,000Additional benefits include:Paid Time Off & Holiday PayMedical InsuranceDental InsuranceVision InsuranceDisability, Life Insurance, and AD&DFlexible Spending AccountsPre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)Tuition and Technical Training ReimbursementExercise ReimbursementComputer ReimbursementEmployee Assistance ProgramAbout Us:Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law.