Job Description
Your Impact
Own your opportunity to serve as a critical component of our nation's safety and security. Make an impact by using your expertise to protect our country from threats.

Job Description
The Threat Hunt Lead is responsible for overseeing all cyber threat hunt, adversary analysis, malware analysis, and digital forensics mission activities under an upcoming government contract. Hunts will include operations within sensitive environments such as Operational Technology (OT), Industrial Control Systems (ICS) and other Critical Infrastructure (CI) networks. The successful leader directs multidisciplinary hunt and forensic teams providing full-spectrum detection, analysis, and response capabilities that enable federal stakeholders to identify, understand, and counter sophisticated cyber threats across federal, State, Local, Tribal and Territorial (SLTT), commercial, critical infrastructure, and cloud environments. The Threat Hunt Lead ensures continuous detection of adversary behavior, manages simultaneously deployed hunt operations, oversees advanced malware and forensics workflows, and delivers high-quality analytic products that inform national cyber defense actions. The role maintains readiness of personnel, tools, and flyaway kits to support rapid, remote, or onsite engagements.

Key Responsibilities

Adversary, Malware, and Forensics Analysis Oversight
Oversee simultaneously deployed hunt operations teams performing adversary tool analysis, including dynamic and static malware analysis and full reverse engineering of binaries, scripts, malicious documents, and artifacts to determine functionality, behavior, and command-and-control mechanisms.
Oversee simultaneously deployed teams conducting digital forensic analysis of affected systems to determine malware impact, persistence mechanisms, and threat actor behavior.
Maintain a deep understanding of all levels of threat actor tools, techniques and procedures (TTPs) that actors may deploy, including advanced (AI/ML) modeling techniques.
Maintain extensive knowledge of emerging, established and nation-state-level threat actor behaviors, including subversion and/or false-flag operation techniques designed to circumvent established cyber inspection tools.
Adapt to diverse cyber environments in which managed teams may not have access to on-site cyber tools (such as event correlation mechanisms), and manage teams that may need to "live off the land" using only the cyber tools provided on site.
Apply strong knowledge of air-gapped environments and of how to direct simultaneously deployed hunt teams within them to ensure consistent reporting.
Ensure simultaneously deployed teams develop custom scripts, tools, and analytic methods to identify, characterize, and visualize adversary techniques across hunt, malware, and forensics workflows, within both established and atypical cyber environments (e.g., OT/ICS environments, commercial environments).
Ensure production of high-quality indicators of compromise, detection artifacts, and adversary capability assessments that support national cyber defense operations.

Threat Hunt Operations Management
Oversee full-spectrum hunt and incident response engagements, onsite and/or remote, ensuring simultaneously deployed teams identify threats, assess impact, and recommend remedial actions to local stakeholders.
Direct continuous analysis of established and atypical cyber defense sensor data, endpoint activity, network flows, cloud telemetry, and communications data to detect adversarial behavior and anomalous activity.
Ensure simultaneously deployed hunt teams maintain continuous awareness of emerging attack techniques, threat actors, tools, and methodologies to remain effective and up to date.
Oversee both classified and unclassified delivery of federal-stakeholder-branded analytic products, intelligence deliverables, threat assessments, and technical reports that contextualize adversary activity.
Determine the mechanisms for the timely and accurate release of indicators to best ensure a proactive threat posture against cyber threat actors.
Prepare, support the delivery of, and oversee the creation of on-demand and formal reporting so as to ensure the timely and accurate reporting of shifting threat actor TTPs regardless of attribution.
Understand, direct, oversee and ensure adherence to established reporting frameworks such as MITRE ATT&CK (Enterprise, Mobile, ICS, etc.).

Host-Based, Network, Cloud, and OT/ICS Forensics Leadership
Oversee simultaneously deployed teams performing forensic examination across host systems and digital media (phones, hard drives, memory images, etc.).
Direct simultaneously deployed network forensics operations to identify threat actor behavior, develop network signatures, analyz