Roles and Responsibilities:
Lead a team of Cyber Hunt and Threat Analysts (CHTA) determining if an event meets the criteria for additional cyber hunt investigation and/or constitutes a security incident subject to investigation.
Understand and provide insight, innovation and expertise that contributes to shaping the security vision of the organization.
Ability to apply tactics and techniques from industry best practices and experience with proven security frameworks such as the MITRE ATT&CK framework and the Cyber Threat Framework (such as the DHS .govCAR program) that will help contribute to the security vision of the VA.
Familiarity with the federal Trusted Internet Connection (TIC) Reference Architecture.
Strong communication and analytical skills:
o Effectively brief senior management on security assessments and recommendations.
o Create and disseminate summary reports, investigation reports, and threat briefs.
Provide overall Subject Matter Expertise for the following technical tools and processes that are included within the responsibilities of a CHTA technical team member:
o Review audit logs and identify any unusual or suspect behavior.
o Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks.
o Develop and execute custom scripts to identify host-based indicators of compromise.
o Implement new detection capabilities and improve upon existing security tools.
o Determine scope of intrusion identifying the initial point of access or source.
o Recommend remediation activities to secure the source or initial point of access of intrusion.
o Provide cyber threat intelligence collection & correlation in coordination with a cyber-threat team.
o Provide executive-level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity.
o Provide advanced technical capabilities, including Big Data Analytics, and Predictive Intelligence.
o Participate as an analyst point of presence during threat intelligence community exchanges.
o Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
o Profile and track APT actors that pose a threat in coordination with threat intelligence support teams.
o Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH).
o Develop analytics to correlate IOCs and maximize threat detection capabilities based on defense analysis processes.