Job Directory Lead Cyber Hunter

Lead Cyber Hunter
San Francisco, CA

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About

Job Description

Area Overview

The National Incident Response Team (NIRT), a national service provider for the Federal Reserve System, delivers effective and efficient national intrusion detection, incident response, security intelligence, threat assessment, and vulnerability assessment services for the Federal Reserve System. The mission of the National Incident Response Team is to play a leading role in the Federal Reserve System's efforts to protect its information systems against unauthorized use.

Principle Duties and Responsibilities

The mission of NIRT's Incident Detection and Analysis (IDA) team is to be an agile team that effectively detects, analyses and investigates information security incidents for its customers. The team is focused on ensuring the security and integrity of critical enterprise systems and environments through the use of various analytical data mining techniques and automated tactics. As a Lead Cyber Hunter, you are responsible for spear-heading the NIRT's cyber hunting capabilities holistically. Through partnerships as well as internal and external data collection and mining, you will search for deep, persistent threats that may not be detected by traditional techniques. You are also responsible for growing the team's cyber hunting capabilities through cross-training; you will serve as a cyber hunter domain expert for the NIRT. Furthermore you will execute core detection responsibilities in order to remain familiar with operational data.

* Leads investigations through data analysis and information gathering.
* Performs dedicated hunting for intelligence related to malicious activity that can impact the FRS network and digital assets.
* Maintain knowledge of meaningful adversary TTPs in order to help ensure that the offensive landscapes informs the team's defensive posture.
* Produce reports and presentations to illustrate results of cyber hunting activities.
* Plans and executes formal cyber hunt engagements for customers.
* Work with intelligence analysts to take action on meaningful intelligence products.
* Cross-trains detection analysts to expand the IDA team's cyber hunting capabilities through the development of a remote and onsite cyber hunting training package that supports individual and team training.
* Utilizes detection techniques from successful hunt engagements to provide feedback to the automation team.
* Provides input and technical expertise during 0-day scenarios, where existing detection fails to catch emerging TTPs.
* Ability to work weekends on a rotational basis with the rest of the team to ensure 24x7 coverage of Threat Analysis Center (TAC).

Technical Skills

* Strong security platform and technology capabilities; SIEM utilization skills with the ability to review and analyze security events from various monitoring and logging sources to identify and/or confirm suspicious activity.
* In-depth knowledge of, and experience with, cloud computing technology.
* In-depth knowledge of, and experience with, TCP/IP protocol and network/packet analysis.
* In-depth knowledge of current security threats, techniques, and landscape, as well as a dedicated and ambitious desire to research current information security landscape.
* In-depth conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, firewall functionality, host and network intrusion detection systems, operating systems, databases and other technologies.
* Working knowledge of Microsoft Office products, including Visio and Project.

Additional Skills

* Ability to obtain and maintain National Security Clearance.
* 4 years of cyber security work experience, with at least 2 years of cyber hunting experience.
* Hands on experience performing incident detection and analysis in a 24x7 operational environment is a plus
* Proven ability to collaborate, build relationships and influence individuals at all levels in a matrix-management environment

Education

Bachelor's degree in Computer Science, Cybersecurity, Information Assurance or a domain related field or an equivalent combination of education and work experience.

The Federal Reserve Bank of San Francisco is an Equal Opportunity Employer. Our people proudly reflect the diversity and ideas of the communities we serve.

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.