Threat Hunting Analyst

7 hours ago


Mons, Belgium Systems Planning and Analysis, Inc. Full-time

Overview:
Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing _Results that Matter_. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.

SPA has an immediate need for a Threat Hunting Analyst to provide contracting services for NATO.

**Responsibilities**:
As a Cyber Security Threat Hunting Analyst, the incumbent will work alongside a team of Security Analysts to proactively detect cyber security attacks against NATO networks. They will research and react to the latest threats, using industry‐leading tools to discover new and ongoing attacks.

Main responsibilities:

- Develop hypotheses to be used in a threat hunt;
- Create security tool content such as searches, reports and dashboards to facilitate threat hunting;
- Perform in‐depth analysis of suspicious activity to deliver conclusions and recommendations;
- Review and develop logging configurations to enable a comprehensive threat hunting capability;
- Develop and document threat‐hunting procedures;
- Share the results of threat hunts via presentations and technical reports.

Qualifications:
**Required Qualifications**:

- Expert level in at least three of the following areas and a high level of experience in several of the other areas:
- Cybersecurity threat hunting;
- MITRE ATT&CK Framework;
- Security Incidents Event Management products (SIEM) - e.g. Splunk;
- Splunk Processing Language;
- Network Based Intrusion Detection Systems (NIDS) - e.g. SourceFire, Palo Alto Network Threat Prevention;
- Host Based Intrusion Detection Systems (HIDS);
- Sysmon;
- Full Packet Capture systems - e.g. Niksun, RSA/NetWitness;
- Computer security tools (Vulnerability Assessment, Anti‐virus, Protocol Analysis, Anti‐Spyware, etc.);
- Proficiency in Intrusion/Incident Detection and Handling;
- Normal office environment with standard working hours, but may exceptionally be required to work non‐standard hours in support of a major Cyber Incident, or on a shift system for a limited period of time due to urgent operational needs;
- NATO Secret security clearance;
- National of one of the 30 NATO Nations.

**Desirable Qualifications**:

- Industry leading certification in the area of Cybersecurity such as GCFA, GCIA, GNFA;
- Knowledge and experience in Splunk Enterprise Security suite;
- A good understanding of Security Orchestration, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures;
- Knowledge and experience in threat hunting in a corporate/government-level environment;
- Strong knowledge of malware families and network attack vectors;
- Experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets;
- Ability to analyse attack vectors against a particular system to determine attack surface;
- Extensive practical experience with malware analysis products (Cuckoo, Opswat Metascan);
- Experience with system instrumentation solutions such as Ansible, Chef, etc.;
- Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC;
- Tenable Certified Security Engineer;
- Prior experience of working in an international environment comprising both military and civilian elements.


