Threat Hunting Lead (Subject Matter Expert II)

Aretec Inc
Location: John C. Stennis Space Center, MS 39529, USA
Published: 6/14/2022
Real Estate
Full Time

Job Description

Threat Hunting Lead (Subject Matter Expert II)

Us:

At Aretec, Inc., we are catalysts for change within the federal government landscape. Specializing in advanced analytics, machine learning, data analysis, cybersecurity, and business optimization, we empower federal agencies to achieve their most critical missions. As a premier partner and prime vendor, we deliver innovative, high-impact solutions that address complex challenges and drive national progress. Our commitment to excellence and innovation positions us at the forefront of transforming governmental operations, enhancing efficiency, and making a lasting difference in the lives of citizens.

You:

You are a strategic and highly skilled cybersecurity professional with a passion for uncovering sophisticated threats that evade traditional defenses. You thrive in complex environments where active threat hunting, deep packet analysis, and adversary emulation drive proactive cyber defense. You lead teams with precision and purpose: collaborating, analyzing, and innovating to stay ahead of advanced persistent threats (APTs). You are motivated by mission-critical work, guiding others to detect, analyze, and mitigate risks that could impact national systems and operations.

What We're Looking For:

We are seeking a Threat Hunting Lead (Subject Matter Expert II) who will play a pivotal role in enhancing our cybersecurity posture and advancing the missions of our federal partners. In this role, you will guide an active cyber defense team that proactively searches the enterprise to detect malicious, hard-to-detect activities that may bypass existing security tools. You will design strategies, lead investigations, and refine threat detection processes to ensure the confidentiality, integrity, and availability of USCIS systems and infrastructure.

Your responsibilities will include:

  • Leading Innovative Projects: Direct a team providing 12x5 support (with after-hours on-call) to detect, analyze, and mitigate targeted and sophisticated threats.
  • Advanced Analysis: Oversee advanced traffic analysis at the packet level to identify anomalies, patterns, and malicious activity within USCIS networks.
  • Threat Detection Strategy: Design and implement structured methodologies to assess and enhance anomaly detection capabilities across USCIS applications.
  • Policy Development: Identify and develop enhancement opportunities for cyber defense policies and procedures.
  • Collaborative Threat Response: Coordinate with the SOC to assess and monitor key risk areas continuously, ensuring a unified defensive posture.
  • Reporting and Communication: Provide actionable recommendations and produce comprehensive reports detailing findings, mitigation strategies, and lessons learned.
  • Data-Driven Defense: Develop and implement plans to assess existing SIEM (e.g., Splunk) data for anomalies and potential indicators of compromise.

By stepping into this role, you will directly contribute to the success of our federal partners' missions, driving meaningful, proactive defense against evolving cyber threats and ensuring the security of critical national systems.

The Skills We're Looking For:

  • Technical Expertise: Advanced experience in threat hunting, network traffic analysis, and tools such as Splunk, Wireshark, or similar platforms.
  • Analytical Mindset: Exceptional ability to dissect complex attack vectors and identify hidden threats within vast datasets.
  • Leadership Abilities: Proven experience leading cybersecurity teams, guiding investigations, and managing 24x7 or extended-hour support environments.
  • Effective Communication: Skilled at preparing clear, detailed reports and presenting threat findings and recommendations to executive and technical audiences.
  • Commitment to Mission: Deep understanding of federal cybersecurity operations and a strong commitment to advancing national security initiatives.

Required Qualifications:

  • Location/Telework: Staffed in the SOC at Stennis Space Center or able to meet the requirements for Telework.
  • Education/Experience:
    • Bachelor's degree (BA/BS) or a minimum of three (3) years of experience in forensics and incident response.
    • Minimum of two (2) years of experience with Splunk, Wireshark, or comparable tools.
  • Certifications: Must have and maintain at least two active certifications, such as:
    • Certified Digital Forensics Examiner (CDFE)
    • Digital Media Collector
    • SANS GCIH
    • ISC² CISSP (or other comparable certification approved in advance by the Security Operations Branch PM)
  • Security Clearance:
    • Must be able to attain up to a Final TOP SECRET SCI Clearance.
    • Must meet SCI eligibility (ICD 704) with no waivers or conditions.

The Expectations of the Job:

Day One:

  • Orientation and Onboarding: Immerse yourself in Aretec's cybersecurity culture and mission. Begin engaging with the SOC team and familiarize yourself with current detection frameworks and defense tools.

Day Thirty:

  • Active Contribution: Participate in ongoing threat hunting and analysis activities. Identify initial areas for detection improvement and begin contributing to team operations.

Day Sixty:

  • Project Leadership: Lead structured hunts, assess anomaly detection capabilities, and refine workflows for faster threat identification.
  • Strategic Planning: Contribute to strategy development for long-term detection and mitigation initiatives.

Day Ninety:

  • Full Ownership: Take full command of threat hunting operations, directing hunts and refining detection logic across platforms.
  • Innovation and Improvement: Identify and implement new hunting techniques, automate detection processes, and enhance data correlation.
  • Mentorship Role: Coach junior analysts, fostering an environment of collaboration and continuous improvement.

Additional Notes:

Benefits

At Aretec, we believe that our employees are our greatest asset. We offer a comprehensive benefits package designed to support your health, well-being, and professional development:

  • Health, Dental, and Vision Insurance: Comprehensive coverage to keep you and your family healthy.
  • 401(k) Plan with Employer Match: Invest in your future with our competitive retirement savings plan.
  • Certification Stipends: Support for obtaining professional certifications that enhance your skills and career trajectory.
  • Professional Development Opportunities: Access to training, workshops, and conferences to stay at the forefront of cybersecurity advancements.
  • Flexible Work Arrangements: Options that promote a healthy work-life balance, including remote work opportunities and flexible scheduling.
  • Paid Time Off and Holidays: Generous PTO policy to relax, recharge, and spend time with loved ones.

Citizenship Requirement

Please note that due to the nature of our federal contracts and the secure environments in which we operate, only applicants who are sole U.S. Citizens can be considered for this position. This requirement is in compliance with federal regulations and is essential for the roles we fulfill within government agencies.

Equal Opportunity Employer

Aretec, Inc. is proud to be an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. All qualified individuals will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other legally protected characteristics.
