Cyber Hunt and Threat Lead

Own your opportunity to work with a client-focused agile small business. Make an impact by advancing our government organizations charged with keeping our country safe, prosperous, and secure. Zen Strategics, LLC is a cleared, minority-owned SBA 8(a) specialized consulting firm, offering innovative Cybersecurity, Cloud Migration, and Information Technology Modernization. We are a leading organization committed to delivering innovative solutions and ensuring the highest standards of security for our customers' digital assets. We are dedicated to staying ahead of evolving cyber threats and protecting our clients' data with cutting-edge technologies and proactive security measures.Position Description:Seize your opportunity to make a personal impact as a Cyber Hunt and Threat Lead. Zen is your place to make meaningful contributions to challenging projects and grow a rewarding career. As a Cyber Hunt and Threat Lead, you will be responsible for ensuring the security of our client’s Enterprise Security Operations Center. This position is a key member of our client delivery requiring a leader responsible for conducting advanced hunt activities in response to crises or urgent situations within their domain to mitigate immediate and potential threats. You will lead a team utilizing threat intelligence focused to identify undiscovered attacks and investigate all relevant response activities, often extending beyond typical penetration or system authorization activities. The team also assists system developers throughout the development cycle, ensuring delivered code meets cybersecurity requirements without the reporting requirements of a Red Team assessment. Your team provides comprehensive analysis of information systems to ensure security, identify flaws, and verify the effectiveness of countermeasures, leveraging various security capabilities, including threat intelligence, forensic capability, risk modeling, anomaly detection, and predictive data analytics. You will interface with Red Teams to strengthen possible vectors for compromise through collaborative scenarios and 'war games' on high-value targets. Additionally, your team will recommend strategies to prevent insider threats and respond to potential breaches.Responsibilities:As the Cyber Hunt and Threat Lead, you’ll be Zen’s lead and expert communicating effectively with government personnel, maintaining appropriate contractor management interface with CISO and leadership. The Cyber Hunt and Threat Lead is responsible for conducting activities in support of incident and compromise response, preparing detailed technical reports, and continuously developing, maintaining, and optimizing all program documentation related to hunt activities. This includes Concept of Operations, Guidelines, and Standard Operating Procedures. You provide guidance to system owners, information system security officers, and Incident Response Teams, monitor industry threat intelligence sources, and proactively tune tools. You will be the program’s SME, leading collaboration with internal and external entities, including OIG, US-CERT, and third-party contractors, to support cyber threat intelligence and hunt activities as needed. You will conduct various security briefs and reporting for staff, executive management, and stakeholders, provide expertise to business owners and system stakeholders on secure development, implementation, and operation of systems, and conduct risk analysis for vulnerabilities, incidents, and change requests. Your threat management team ensures optimal security posture by identifying ongoing, immediate, and emerging threats to the organization, including insider threats, threat actors, attack vectors, and breach scenarios. You will develop, maintain, and optimize a cyber insider threat program, support profiling and assessing insider threats, maintain an automated integration system for cyber threat intelligence, conduct quarterly reviews, and provide weekly cyber threat briefs. You will prepare and maintain program reports, monitor threat intelligence sources, provide intelligence on relevant topics, conduct threat operations, and contribute to incident response activities by providing contextual threat intelligence packages.What You’ll Need to Succeed:Experience: 10+ years of experience in systems/infrastructure security monitoring and response on a variety of technologies (e.g., databases, networks, storage, servers, directories, etc.).At least five (5) years of experience in threat analysis able to perform network intrusion analysis, packet analysis, and/or warning intelligence support (planning, execution and assessment of threats).Education: Bachelor of Science in an Information Technology or Cybersecurity field preferred.Certification: Active/Good standing professional certification(s) in several of the following: CISSP, CISM, CEH, GCIH, GCFA, CASP+, GCTI, CCTIA, C|TIA, CCIP, or CISA highly recommended.Demonstrable history of successfully leading an incident response team in an enterprise environment. Strong technical understanding of Office 365 and Windows Server.Experience with operational toolsets that include but are not limited to; Azure Security Center, ForeScout, Microsoft Defender Products, Microsoft Sentinel, RSA Archer, Forcepoint, Gigamon, Splunk, Tenable Nessus, Palo Alto, Azure Active Directory, Cisco routers and switches, Cisco ASA and NGFW platforms, Cisco ISE, Akamai, F5.Experience with all relevant OMB Memorandums, NIST Special Publications, FITARA and standard best practice and federal guidance related to cybersecurity and infrastructure compliance.Strong ability to follow policy and procedures, analytical, and problem-solving skills.Define and track success measures to ensure alignment with intended outcomes.Excellent communication skills and attention to detail.

#J-18808-Ljbffr