Cyber Hunter SME - 0010CWFH - 1497

Global InfoTek, Inc. Washington DC

Company

Global InfoTek, Inc.

Location

Washington DC

Type

Full Time

Job Description

Clearance Level: Able to Obtain Security Clearance (Desirable Secret)

US Citizenship: Required

Job Classification: On-Call

Location: Remote

Years of Experience: 5

Education Level: Bachelors or 7 years of experience

Position Description: Global InfoTek Inc. is seeking a Cyber Hunt SME to detect, isolate, and eliminate advanced persistent threats (APTs) and other sophisticated cyber threats that evade traditional security solutions. The candidate must be able to identify different APT groups, their methodologies, and their indicators of compromise (IoCs).

Required Technical Skills

  • MITRE ATT&CK Framework: Experienced with using the MITRE ATT&CK framework.
  • Hunt Hypotheses: Able to formulate hypotheses based on threat intelligence, past incidents, or known tactics, techniques, and procedures (TTPs) of threat actors.
  • Proactive Hunting: Experienced using strategies for proactive threat hunting, including the identification of anomalies within an environment that indicate a compromise.
  • Incident Response and Threat Hunting Tools: Experienced with using Security Information and Event Management (SIEM) systems for real-time analysis of security alerts.
  • Forensic Tools: Experienced with using forensic tools like Encase, FTK, or Volatility for memory and disk analysis.
  • Packet Analysis: Experienced with analyzing network packets using tools like Wireshark or tcpdump.
  • Flow Data Analysis: Understand NetFlow/IPFIX data analysis for identifying unusual network behaviors.
  • Endpoint Detection and Response (EDR) Tools: Experienced with using EDR tools such as CrowdStrike Falcon, Carbon Black, or SentinelOne.
  • Forensic Examination: Can perform forensic analysis on various types of digital media.
  • Memory Forensics: Analyze memory dumps to find malicious processes and activities.
  • User and Entity Behavior Analytics (UEBA): Experienced with using UEBA tools to detect anomalies based on behaviors and implement them in cyber hunt activities.

Required Training:

  • NIST SP 800-53 (Security and Privacy Controls)
  • SP 800-37 (Risk Management Framework)
  • SP 800-30 (Risk Assessment)
  • NIST SP 800-61 (Incident Response Frameworks)

Desirable Certifications and Training:

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Cyber Threat Intelligence (GCTI)
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP)

Global InfoTek, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

About Global InfoTek, Inc.

Reston, VA-based Global InfoTek Inc. is a woman-owned small business with an award-winning track record of designing, developing, and deploying best-of-breed technologies that address the nation's pressing cyber and advanced technology needs. For more than two decades, GITI has merged pioneering technologies, operational effectiveness, and best business practices to rapidly provide low-cost, agile solutions to DoD, DHS, and IC customers. In addition to its Reston office, GITI has operations in San Antonio, TX, Colorado Springs, CO, and Rome, NY.

Date Posted

11/24/2023

