Are you interested in being part of a highly collaborative Cybersecurity Hunt Team?
Are you inquisitive and analytical with a Cybersecurity focus?
If so, we 're looking for someone like you to join our team at APL!
We are ranked as one of Computerworld 's Top Places to Work in IT 5 years running and we are seeking a Cybersecurity Hunt Analyst to help us hunt for sophisticated cyber threats operating in an actively changing cyber threat landscape. You will perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. Collect evidence to include digital media, logs, and malware to perform analysis associated with cyber intrusions. Maintain an understanding of attack methodologies and use information operationally. Make recommendations and create or modify processes and procedures based on knowledge of sophisticated threat behaviors. Identify and analyze threats, using OSINT, Threat Intelligence and enrichment resources.
As a Cybersecurity Hunt Analyst, your main responsibility will be to proactively hunt, monitor, analyze, and respond to infrastructure threats, contribute to Computer Network Defense, and create solutions to augment Defensive Cyber Operations at APL.
In addition, you will...
- Develop and enhance content and methods for monitoring and incident response, using data extraction for further analysis.
- Develop and enhance processes, work flows, and documentation.
- Determine high fidelity behavioral patterns and create content in multiple tools.
- Participate in project and multi-functional security teams requiring interaction with system administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization in order to identify and implement information assurance controls and make risk mitigation recommendations for IT operations.
You meet the minimum requirements of the job if you...
Possess a Bachelor's Degree in Information Security, a security related field, or equivalent experience that provides the necessary knowledge, skill and abilities.
- Have 7 or more years of experience working in a complex network environment
- Have a proficient understanding of Linux operating systems (focus RHEL and Ubuntu), OS normal activities, OS internals, MITRE ATT&CK TTPs mapped to Linux systems, and identifying anomalous behaviors on Linux systems; and proficiency with extracting and manipulating data, using scripting languages such as Python, PowerShell, SPL or others.
- Have an understanding of operating systems normal activities and OS internals (Windows and Mac).
- Are able to demonstrate ambition to further current knowledge and understanding by exploring new concepts and applying to cyber security.
- Have experience analyzing and base-lining data with technologies like Splunk, ELK, Hadoop, or SQL.
- Are flexible to work outside of normal business hours, to include some overnight and/or weekend work, in support of incident response and project implementation tasks.
- Are able to obtain Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
You go above and beyond our minimum qualification if you...
- Possess a Master 's Degree in Information Security Assurance or security related field
- Have demonstrated ability in operational cybersecurity environment
- Are experienced with Assume Breach methodologies and proficient understanding of advanced attack methodologies of Nation State adversaries, including living off the land; TTPs outlined in MITRE ATT&CK framework.
- Can develop and enhance content and methods for monitoring and incident response
- Have technical experience in some of the following areas: Endpoint Detection & Response, Active Directory and authentication anomalies, Suricata, Zeek, Full Packet capture technologies, Firewall, Proxy, and Sandbox technologies.
- Have experience with memory analysis, host-based anomaly detection, network anomaly detection, and authentication anomaly detection.
- Have experience and understanding of Red Team and Threat Emulation TTPs.
Why work at APL?
The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.
At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at http://www.jhuapl.edu/careers.
APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu. Only by ensuring that everyone’s voice is heard are we empowered to be bold, do great things, and make the world a better place.
To apply please follow