Cyber Threat Hunt Lead

Gritter Francona is looking for a Cyber Threat Hunt Lead to support a potential project with the Department of Homeland Security. The Threat Hunt Lead will build and guide a proactive threat hunting capability for the Department of U.S. Customs and Border Protection (CBP). The Threat Hunt Lead will direct a specialized team in proactively searching for malicious activity across CBP networks that evades traditional security solutions. This role requires an offensive mindset, deep knowledge of attacker TTPs, and expert-level skills with SIEM and endpoint management tools. The Threat Hunt Lead will be responsible for developing hunt hypotheses, executing hunt missions, and coordinating with the SOC to create new detections based on your findings.

Key Responsibilities:

• Lead the CTH team to proactively and iteratively conduct threat hunting efforts against CBP networks, systems, and high value assets to detect and isolate advanced threats.

• Utilize threat models and Cyber Threat Intelligence to formulate hypotheses about attacker activity on CBP networks and systems to investigate during formal hunt missions.

• Propose corrective actions and inform necessary parties of security issues, reportable offenses, or cybersecurity best practices.

• Work with the CBP SOC to create new security content, including signatures and detection alerts, resulting from hunt missions and Purple Team engagements.

• Lead the Cyber Threat Hunt team to report significant findings to leadership and coordinate with asset owners to deconflict findings.

• A minimum of five (5) years of experience as a Tier III senior cyber threat hunt analyst performing threat analysis, technical analysis, and network asset traversal.
• A minimum of five (5) years of hands-on experience, including recent experience with network-based security monitoring using cybersecurity capabilities.
• A strong background in host and network-based forensics, intrusion detection, malware identification, and security content development.
• Deep knowledge of and experience with security information and event management (SIEM) and networked-device management tools such as Splunk and Tanium.
• Experience interpreting scripts (e.g., VB scripts, Python, C++) to support cyber threat detection.
• Certified Ethical Hacker (CEH) or one of the following: DoD 8570 IAT Level II or IAM Level I or CSSP Analyst / Incident Responder.

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Short Term & Long Term Disability
• Training & Development