Threat Hunter

Zachary Piper Solutions is in search of an Incident Response Analyst - Threat Hunter for a legacy project supporting the IRS, with a focus on safeguarding the IRS Network and its associated data/assets
This role, based in New Carrollton, MD, operates in a hybrid (1 day/week onsite) capacity within the IRS Computer Security Response Center (CSIRC)
Responsibilities of the Treat Hunter:
• Establishing normalized traffic and data flow baselines for anomaly identification.
* Developing technical theories based on threat intelligence.
* Identifying adversary techniques, tactics, and procedures through behavior pattern analysis.
* Demonstrating comprehensive knowledge of threat vectors and their implications on cybersecurity risks for the federal government.
Qualifications of the Threat Hunter:
• Incident Handling Experience working in SOC/CIRT Environment (Not Screen Watchers)
* Proficiency in Splunk Search Processing Language (SPL) for query execution.
* Hands on (in a production environment) experience in Packet Capture (PCAP) Analysis.
* 3-4 years of relevant professional experience.
* Ability to secure an IRS Public Trust security clearance
* Citizenship: United States Citizenship required
Preferred Qualifications (not required):
• Attacker methodology, Red Team, and Penetration testing
* Experience using a scripting language to solve Cyber Security challenges
(Python preferred)
* Ability to Correlate Logs from multiple sources- Log Analysis, Correlation Rules, etc.
* SANS GIAC Certified- https://www.giac.org/certifications/get-certified/roadmap
* Experience with analyzing malware and extracting indicators/call out
* Extracurricular experience is huge bonus points
E.g.- Capture the Flag competitions, Hack The Box, Cyber Club in College, home lab cyber practice to further skills in the field
Compensation for the Threat Hunter:
• Salary: $75,000 - $85,000/ year (depending on experience)
* Term: long term contract
* Benefits: Cigna Medical, Dental, Vision, 401K, 2 weeks Paid Time Off (PTO)
* Work Location: Hybrid - 1x day per week at IRS in New Carrollton, MD
* Shift: 6am-2pm Keywords: Cybersecurity, Incident Response, Splunk, Packet Capture, Network Forensics, Threat Hunting, Intrusion Detection, Log Analysis, SIEM (Security Information and Event Management), Malware Analysis, Network Traffic Analysis, Forensic Analysis, Threat Intelligence, Security Operations Center (SOC), Vulnerability Assessment, IDS/IPS (Intrusion Detection System/Intrusion Prevention System), PCAP Analysis, Network Security, Anomaly Detection, Endpoint Detection and Response (EDR), Cyber Threats, Cyber Attack, Threat Mitigation, Forensic Investigation, Digital Forensics, Security Incident, Data Breach, Advanced Persistent Threat (APT), Insider Threat, Security Policies, Compliance Management, Security Architecture, Security Operations, Incident Handling, Network Security Monitoring (NSM), Security Awareness Training, Security Risk Assessment, Threat Intelligence Platforms (TIP), Security Analytics, Insider Threat Detection, splunk, Splunk, cyber, cyber security, incident response, IR, threat hunter, threating hunting, IDS tools, IDS, PCAP, packet capture analysis, Wireshark, WireShark, Snort, Configures, implements, troubleshoots, Virtual Local Area Networks, Access Control Lists, 802.1x port-based network access control, Virtual Private Networks, Network Time Protocol, Simple Network Management Protocol version 3, Remote Authentication Dial-In User Service, Dynamic Host Configuration Protocol, Microsoft's Network Policy Server, and General Dynamics' GEM One Encryptor Manager, cisco, network admin, network engineer, NetOps, NetworkOps, Net Ops, network operations, CASP, CISA, CISSP, CCNP, CCNA, transitioning veteran, veteran, IT, military, army, navy, national guard, data integrator, data scientist, terraform, AWS, Azure, Google Cloud, cloud, migration, consulting, engineer, CloudFormation, Solutions, infrastructure, functionality, SQL DBA, SQL, SQL database, MS SQL Server, MS SQL, Microsoft SQL, Tableau, Power BI, Crystal, Crystal Reports, SQL Server Report Builder, MS SSRS, SSRS, Database administrator, SQL, DBA, Windows, ACAS, STIG's, STIGS, HBSS, server, server maintenance, Sec+, Security+, IAT, CompTIA, certification, Active Directory, Powershell, scri[ting, windows deployment server, WDS, AD, PKI, Smart Card Login, Windows 2016, Windows 2010, desktop, DevOps, dev ops, fsp, fullscope, full-scope, polygraph, poly, databricks, AWS, YAML, python, java, EC2, S3, cloud formation, Nifi, Pentaho, Apache airflow, UI/UX, Lifecycle, Jenkins, Git, Puppet, DOD, Secret, Top Secret, SAS, R Studio, SPSS, Python, Power BI, Secret Cleared, Top Secret Cleared, TS/SCI Cleared, Laboratory, Data, Data gathering science, DHA, public health, health science, DoD, Department of Defense, Life Cycle Sustainment Plan, Acquisition Strategy, Simplified Acquisition Management Plan, Level of Repair Analysis, Source of Repair Analysis, Logistics Demonstration Planning and Execution, Product Support Package, Technical Manual Development and Finalization, Equipment Standardization, Memorandum of Agreements/Understanding, CDRL Reviews, Property Accountability of all GFE, APSR System updates, IUID Plan, biometrics, life cycle sustainment, life cycle, DoD, CPI, secret clearance, secret, SF, military, accounting, audit readiness, Finance, fund receipt, audit, auditor, financial, financial analyst, Disbursement, Military Pay, Civilian Pay, Travel Pay, Reimbursement Budget Authority and Execution, Contract Pay, Vendor Pay, Data Analysis, Machine Learning Engineer, Data Architect, Military Health, Data Operations Engineer, epidemiologist, disease control, COVID-19, Data Mining, Data Warehousing, Data Modeling, Data Visualization, DoD, CISA, security controls assessor, security control, security, CISSP, CISM, MCSE, CAP, FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications, Risk Management Framework, IT security, infrastructure, vulnerability assessment, reporting, firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, security audits, .Net, .net, SQL, server, framework, Kendo UI, query, data, integration, deduplication, interface, SAFe, agile, reconciliation, jira, confluence, COTS, OS patching, VersionOne, NetApp, Linux, linux, windows, Windows, Cloud, Commvault, active directory, Ansible, Jenkins, AccuRev, Gitlab Teradici, PCoIP, scripting, remote display protocols, sharepoint, SharePoint, Sharepoint, .NET, C#, developer, virtual machines, VMware VCenter hypervisor, Citrix XenDesktop, XenApp, Desktop Director, systems engineer, engineer, system, systems, systems engineering, citrix, Citrix, secret, system admin, administator, systems administrator, contracts, contract, contracts specialist, contract specialist, procurement, PD2, procurement desktop, technical writing, technical editor, editor, cybersecurity, cyber security, secret, TS, Top Secret, top secret, sci, clearance, government, DARPA, TS/SCI, DHS, federal, technical writer, business analyst, CONOPS, SOPs, standard operating procedures, sec+, security+, ITIL, ITILV4, adobe, Microsoft office, MS, .NET Framework, C#, AngularJS, Hyper Text Markup Language HTML, AJAX, ASP.NET, XML, JavaScript, Jquery, CSS, Microsoft SharePoint Designer, SharePoint Workflows, Web Services, REST, Keyword Query Language, KQL, SharePoint Server, Internet Information Server, IISsuite, SCI, sensitive compartmented information, operation procedures, mission notes, editing, 508 compliance, documentation, cyber, APT, advanced persistent threat, incident management, incident response, concept of operations mitigation plan, incident response, PTO, Arlington, Virginia, on-site, onsite, on site, benefits, 401k, medical, homeland security, DOD, ci polygraph, counterintelligence, cyber intelligence, cyber investigation, cybersecurity investigation, PTO, technical writing, technical writer, business analyst, technical analyst, technology write, air force, digital forensics, project management, jira, army, military, Patrick space force base, Patrick SFB, SFB, Lompoc, California, CA, cocoa beach, satellite beach, space, research, technology research, technical investigations, secret clearance, ts/sci, top secret, ts, secret clearance, dod, clearance, clearance, cloud project, aws, azure, veterans, retired veterans, #LI-AC3

---