ClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!
We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!
We are looking for a Threat Hunter to do the following tasks:
Collaborate with the different teams to better understand the customer environment
Create, maintain, and periodically evaluate standard operating procedures, playbooks, and hunt techniques
Utilize Threat Intelligence and Threat Models to formulate cyber threat hunt hypotheses and plans
Perform research and analysis of incidents, threats, vulnerabilities, TTPs and other malicious/non-malicious indicators, as well as of technical and intelligence reports on cyber threat activities of interest.
Perform proactive and iterative searches on customer systems and network to detect advanced threats
Identify anomalous/malicious behavior using cyber threat hunt plans and techniques, and identify defensive gaps in the customer environment
Create comprehensive cyber threat hunt reports which include sourced threat intelligence, threat hunt findings, limitations, risk analysis and recommendations with prioritized mitigations.
Review operational detection mechanisms to assess security posture; recommend and develop new or custom security content, including signatures, alerts, workflows and automation, to counter prospective threats and enable future hunts
Coordinate response, triage and escalation of any malicious events found with the IR team
3+ years of experience with data hunting/manipulation/presentation.
Expertise in network and host-based analysis and investigations
Experience in planning threat hunts
Understanding of complex Enterprise networks (routing, switching, firewalls, proxies, etc.)
Knowledge of common networking protocols (HTTP, DNS, SMB, etc.)
Familiarity with Windows, Linux and macOS operating systems
Proficient with scripting languages such as Python or PowerShell
Familiarity with Splunk, CrowdStrike, Tanium
Skilled in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).
Any one of CISSP (Associate), CCSP or SSCP, AND any CSSP Analyst, Infrastructure Support or IR certification from the DoD 8570 list (or other similar certifications as approved by the Government)
Active Secret Clearance and Eligibility for TS/SCI