Cyber Threat Hunter, Lead

Cyber Threat Hunter, Lead
**The Opportunity**:
Cyber threats are evolving, and perimeter security and automated protection aren’t enough—it’s time to go threat hunting. We need your help in detecting advanced cyber threats to Federal Civilian Executive Branch Agencies, the DoD, Intelligence Communities, and Fortune 500 Companies. Instead of letting the attackers come to us, let’s go find them.

We’re looking for an experienced CND and CNO specialist who can think like a cyber attacker to figure out how to circumvent security measures. You’ll use your network defense experience and analytical skills to rapidly prototype and develop scripts to create haystacks and sift through the false positives to find patterns and indicators. Work with our team of seasoned Threat Hunters, Detection Engineers, and Threat Intelligence Analysts to find the adversary in the SEIM’s blind spot and advise clients on ways to close the gaps and harden their network.

With your technical expertise, you’ll build creative solutions to help your customers meet their toughest challenges. This is a chance to think differently about cyber defense, use completely new tools and approaches, and develop the next generation of security analytics. Let’s outsmart the adversary and secure our nation's critical networks.

Join us. The world can’t wait.

**You Have**:

- 5+ years of experience with cybersecurity offensive or defensive technical operations
- Experience with Advanced Persistent Threat (APT) hunting, pen-testing, digital forensics, SOC Operations, or incident response
- Ability to profile and track malicious actors that pose a threat in coordination with threat intelligence support teams
- Ability to review and analyze security log files from various sources, including cloud, network, endpoint, or IdAM
- Secret clearance
- HS diploma or GED

**Nice If You Have**:

- Experience with common threat-hunting solutions, tools, or techniques used to analyze malware, extract indicators, and create signatures
- Experience with Windows Enterprise security and systems administration, ATP, ATA, or Sentinel, and SIEM or SOC, including QRadar, SplunkES, and ArcSight
- Experience with data hunting, ELK, Splunk, Apache Spark, AWS Stack, and GCP
- Experience with scripting, REST APIs, and forensic tools, including FTK and Encase
- Experience with endpoint telemetry, Carbon Black, FireEye HX, Falcon, Tanium, and Endgame
- Possession of excellent oral and written communication skills
- Possession of excellent presentation skills
- GIAC, GCFA or SANS 508, GCFA GCFE, GREM, GNFA, GSNA, CISA, or OSCP Certification

**Clearance**:
**Create Your Career**:
**Grow With Us**

Your growth matters to us—that’s why we offer a variety of ways for you to develop your career. With professional and leadership development opportunities like upskilling programs, tuition reimbursement, mentoring, and firm-sponsored networking, you can chart a unique and fulfilling career path on your own terms.

**A Place Where You Belong**

Diverse perspectives cultivate collective ingenuity. Booz Allen’s culture of respect, equity, and opportunity means that, here, you are free to bring your whole self to work. With an array of business resource groups and other opportunities for connection, you’ll build your community in no time.

**Support Your Well-Being**

Our comprehensive benefits package includes wellness programs with HSA contributions, paid holidays, paid parental leave, a generous 401(k) match, and more. With these benefits, plus the option for flexible schedules and remote and hybrid locations, we’ll support you as you pursue a balanced, fulfilling life—at work and at home.

**EEO Commitment**

LI-Remote