Leidos
The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services for CBP information systems, including LAN/WAN, commercial Internet, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.
Leidos is seeking an experienced Cyber Threat Hunt Analyst to join our team. As a member of this highly technical Cyber Threat Hunt team supporting U.S. Customs and Border Protection (CBP), you will be responsible for in-depth technical analysis of network and endpoint logs and activity, executing various types of cyber threat hunts on agency assets, escalating findings as appropriate, and authoring technical reports summarizing operations and findings in support of the protection of the customer's systems, networks, and assets.
Primary Responsibilities
Conduct cyber threat analysis and identify mitigation and/or remediation courses of action; develop actionable intelligence used to protect IT assets; and trend cyber threat metrics for leadership awareness.
Utilize threat intelligence and threat models to create threat hypotheses for threat hunts.
Identify, track, and investigate high-priority threat campaigns and malicious actors, along with their relevant TTPs.
Execute ad-hoc threat hunts on agency assets, networks, and systems to identify threat activity that may evade endpoint detection tools.
Use MITRE ATT&CK framework to understand adversary TTPs, plan hunts around ATT&CK techniques and sub-techniques.
Maintain a comprehensive understanding of the cyber threat landscape and analyze threat actors to enhance cybersecurity posture.
Prepare and report risk analysis and threat findings to stakeholders.
Create and recommend new security content (signatures, alerts, workflows, automation) based on hunt results.
Coordinate with teams to improve threat detection, response, and overall security posture.
Plan, scope, and execute threat hunt missions; deconflict findings and elevate as necessary.
Search systems and networks to detect advanced threats.
Analyze host, network, and application logs and malware/code.
Develop scripts (e.g., VB, Python, C++) to support threat detection, outputting results in formats such as HTML or XML.
Produce high‑quality technical products, briefings, and whitepapers with minimal supervision.
Maintain daily battle rhythm for the threat hunt team, ensuring deadlines, detail, and clear communication.
Implement procedures for remediation or escalation decisions.
Author technical reports and briefings to keep leadership aware of findings.
Create daily, weekly, and monthly reports and metrics for products and briefings.
Process technical data, fuse intelligence, and manage threat hunt tools.
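As an added illustration of the hypothesis-driven hunt workflow described above (threat hypotheses mapped to ATT&CK techniques, executed as a script over host logs, with results emitted in XML), the following Python is example code written for this page, not CBP SOC or Leidos tooling. The events, host names, user names and the base64 payload are constructed; the three hypotheses are ordinary examples of the kind a hunter would derive from threat intelligence, and the ATT&CK IDs are the public ones for PowerShell (T1059.001), User Execution: Malicious File (T1204.002) and Rundll32 (T1218.011).

```python
"""Hypothesis-driven hunt over constructed endpoint process-creation events.

Example code for illustration only: sample records, hosts and users are made up.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from ntpath import basename  # handles Windows paths regardless of host OS
from typing import Dict, List, Optional

Event = Dict[str, str]

# Constructed Sysmon-style process-creation records (not real telemetry).
SAMPLE_EVENTS: List[Event] = [
    {"host": "WS-0101", "user": "jdoe", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": '"chrome.exe" --profile-directory=Default'},
    {"host": "WS-0101", "user": "jdoe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "SRV-0042", "user": "svc_backup", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe"},
    {"host": "WS-0207", "user": "asmith", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
    {"host": "WS-0207", "user": "asmith", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"},
]


@dataclass(frozen=True)
class Hypothesis:
    """One hunt hypothesis: optional image/parent allow-lists plus a command-line regex."""
    name: str
    technique: str                               # ATT&CK technique or sub-technique ID
    images: Optional[frozenset] = None           # lower-case image basenames to consider
    parents: Optional[frozenset] = None          # lower-case parent basenames to consider
    cmdline: Optional["re.Pattern[str]"] = None  # pattern the command line must match

    def matches(self, ev: Event) -> bool:
        if self.images is not None and basename(ev["image"]).lower() not in self.images:
            return False
        if self.parents is not None and basename(ev["parent"]).lower() not in self.parents:
            return False
        if self.cmdline is not None and not self.cmdline.search(ev["cmdline"]):
            return False
        return True


SCRIPT_HOSTS = frozenset({"cmd.exe", "powershell.exe", "pwsh.exe",
                          "wscript.exe", "cscript.exe", "mshta.exe"})
OFFICE_APPS = frozenset({"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"})

HYPOTHESES: List[Hypothesis] = [
    # PowerShell accepts any unambiguous prefix of -EncodedCommand; -ExecutionPolicy
    # does not match because "e" followed by "x" has no word boundary.
    Hypothesis("Encoded PowerShell command line", "T1059.001",
               images=frozenset({"powershell.exe", "pwsh.exe"}),
               cmdline=re.compile(r"(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\b", re.I)),
    Hypothesis("Office application spawning a script host", "T1204.002",
               images=SCRIPT_HOSTS, parents=OFFICE_APPS),
    # rundll32 launched with no DLL/export argument (unquoted path form only).
    Hypothesis("rundll32 with no arguments", "T1218.011",
               images=frozenset({"rundll32.exe"}),
               cmdline=re.compile(r"^\S*rundll32\.exe\s*$", re.I)),
]


@dataclass(frozen=True)
class Finding:
    hypothesis: str
    technique: str
    host: str
    user: str
    cmdline: str


def hunt(events: List[Event], hypotheses: List[Hypothesis] = HYPOTHESES) -> List[Finding]:
    """Apply every hypothesis to every event; one event may yield several findings."""
    return [Finding(h.name, h.technique, ev["host"], ev["user"], ev["cmdline"])
            for ev in events for h in hypotheses if h.matches(ev)]


def to_xml(findings: List[Finding]) -> str:
    """Serialize findings as XML for hand-off to reporting or ticketing."""
    root = ET.Element("hunt_results")
    for f in findings:
        node = ET.SubElement(root, "finding", technique=f.technique, host=f.host)
        ET.SubElement(node, "hypothesis").text = f.hypothesis
        ET.SubElement(node, "user").text = f.user
        ET.SubElement(node, "cmdline").text = f.cmdline
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_xml(hunt(SAMPLE_EVENTS)))
```

Each hypothesis carries its ATT&CK ID so that findings, and any detection content later derived from them, stay traceable to the technique they were scoped against; the benign PowerShell and rundll32 records are included to show that the patterns do not fire on ordinary administrative use.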
Basic Qualifications
Minimum of five (5) years of professional experience in incident detection and response, malware analysis, or cybersecurity forensics.
Bachelor’s degree in Computer Science, Engineering, IT, Cybersecurity, or related field, with at least three (3) years of relevant experience.
At least two (2) years of recent experience with host-based and network-based security monitoring.
Experience developing scripts for threat detection (e.g., VB, Python, C++), with output in formats such as HTML or XML.
Established experience with incident response, SIEM, host/network logs, and regex.
Ability to work independently with minimal direction; self‑starter.
Must be a U.S. citizen.
Required Certifications
CompTIA Cybersecurity Analyst (CySA+)
CompTIA Linux Network Professional (CLNP)
CompTIA PenTest+
GPEN – Penetration Tester
GWAPT – Web Application Penetration Tester
GSNA – System and Network Auditor
GISF – Security Fundamentals
GXPN – Exploit Researcher and Advanced Penetration Tester
GWEB – Web Application Defender
GNFA – Network Forensic Analyst
GMON – Continuous Monitoring Certification
GCTI – Cyber Threat Intelligence
GOSI – Open Source Intelligence
OSCP – Offensive Security Certified Professional
OSCE – Offensive Security Certified Expert
OSWP – Offensive Security Wireless Professional
OSEE – Offensive Security Exploitation Expert
CCFP – Certified Cyber Forensics Professional
CISSP – Certified Information Systems Security Professional
CEH – Certified Ethical Hacker
CHFI – Computer Hacking Forensic Investigator
LPT – Licensed Penetration Tester
CSA – EC-Council Certified SOC Analyst
ENSA – EC-Council Network Security Administrator
ECIH – EC-Council Certified Incident Handler
ECSS – EC-Council Certified Security Specialist
ECES – EC-Council Certified Encryption Specialist
Preferred Qualifications
Five (5) years of hands‑on experience with host‑based and network‑based security monitoring.
Previous DOD, IC or Law Enforcement Intelligence or Counterintelligence training/experience.
Demonstrated experience planning and executing threat hunt missions.
Understanding of complex enterprise networks (routing, switching, firewalls, proxies, load balancers).
Knowledge of common networking protocols (HTTP, DNS, SMB, etc.).
Familiarity with both Windows and Linux systems.
Proficiency with scripting languages (Python or PowerShell).
Familiarity with Splunk SPL or Elastic DSL.
Clearance
CBP SOC employees must pass a 5‑year background investigation (BI).
Candidate must currently possess a Top Secret clearance with the ability to obtain a Top Secret/SCI clearance.
EEO Statement
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity, or other basis prohibited by law. All qualified applicants will be considered regardless of criminal history consistent with applicable law.