Cyber Hunt Analyst
Synergy ECP · Columbia, MD · 3 days ago
EngineeringFull-time
About the role
Synergy ECP is a Service-Disabled Veteran-Owned Small Business (SD(VOSB)) that provides a broad range of services to the defense, intelligence, and health care industries. We have a client list that includes numerous Fortune 100 companies, multiple branches of the US government and military services, and we are committed to equal opportunity employment.
Responsibilities
- Discover and characterize network and platform anomalies to include cross domain violations and submit findings to the Reporting Team Lead for analysis and report generation
- Monitor, identify and analyze anomalous network activities on various networks
- Conduct multi-source threat analyses to examine host behaviors and network traffic for high priority malicious attacks, anomalous traffic, or other incidents of interest, as well as generate reports as appropriate
- Integrate Cyber Threat Intelligence to inform customers on newly discovered threats and vulnerabilities associated with the technologies used in the enterprise for the purpose of developing hunt analytics
- Monitor adversarial capabilities, exploits, vulnerabilities, mitigation techniques, and best practices information and guidance through all-source research
- Identify areas for deeper dive analysis of threat and vulnerabilities
- Examine network topologies to understand data flows through networks and provide mechanisms to tip countermeasures
- Implement the applicable reporting guidelines outlined in applicable directives and guidance
- Conduct research/planning for strategy development in response to real-time operational requirements
- Identify and document gaps in all data (e.g., netflow, syslog, etc.) that affect the customer mission in order to determine how to better posture mission capabilities
- Develop, document and synchronize the recommendations and the tasking of signature and rule sets across all sensors e.g., IDS, FW, etc. used by the customer
- Knowledge of systems configuration and management of firewalls, IDS, servers and workstations
- Experience with Red Team and/or Penetration Testing
- Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data
- Demonstrated experience supporting external investigations
- Familiarity with software development and network operations concepts and methodologies
- Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools such as EnCase and open source alternatives
- Experience with the Windows and Linux operating systems
- Experience with investigating malicious code
- Experience with scripting (PowerShell, Python, Java)
Qualifications
- Tier III Analyst experience
- Network Analytics
- Incident Investigations
- Reverse Engineering and Malware Analysis
- Task Prioritization
- Strong comfort level with IPv4, TCP/IP, and RFC data, low level networking and protocols, TCP/UDP Ports for Apps, and understanding of what is normal/abnormal endpoint and on-wire activity
- Experience in Cloud Environment using cloud analytics and PIG scripts/jobs to present data and using the Hadoop Distributed File System
- Experience with Wireless and SCADA
Desired Skills
- Notification sources are Antivirus, HIDS, NIDS, IPS, and Firewalls
- Experience with SIEMs or scripting to pull data into usable formats
- Ability to work extremely well under pressure while maintaining a professional image and approach
- Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause