Second Line Security Event Analyst Threat Hunting

**Get an edge on advancing your career**

If you’re ready to meet complex challenges, we’re ready to meet you.

MCR is a fast-growing global company headquartered in McLean, VA that supports defense and civilian agencies, NATO, and European ministries that face some of the most complex mission challenges in the world. If you are the best at what you do, we are looking for you. At MCR, you will contribute to programs and projects that matter—to your career, to your fellow citizens, and to your nation. You will use the latest technologies, techniques, and tools. You will be trusted to work independently and make decisions. You’ll be rewarded with top-tier compensation and benefits.

Do you have previous second line security event analyst threat hunting support experience? Are you looking to play a meaningful role in a creative environment? If so, we are searching for someone like you to join our team of experts supporting NATO

**DESCRIPTION OF DUTIES**

Your daily role responsibilities with our company will be as follows:

- Conduct detailed investigation and research of security events within NATO Cyber Security Centre (NCSC) team
- Analyze firewall, IDS, anti-virus and other sensor produced system security events and present findings
- Provide detailed technical reports about incidents and capability improvements
- Share security event/incident information with stakeholders via presentations and technical reports
- Appropriately leverage the comprehensive extended toolset (e.g. Log Collection, Intrusion Detection, Packet Capture, VA, Network Devices etc) to identify malicious activity. Be able to recommend improvements to enable enhancing investigations
- Provide Subject Matter Expertise supporting the end-to-end Cyber Security Incident Handling process
- Propose possible optimisations and enhancement which help to both maintain and improve NATO's Cyber Security posture
- Implement threat hunting and create technical reports related to threat hunting activities when requested.
- Analyze intelligence information gathered from both internal and external threat intelligence resources.
- Create technical use case documantation for threat hunting.
- Identify gaps in IT infrastructure by mimicking an attacker s behaviors and responses when requested.
- Provide expert investigative support of large scale and complex security incidents.

**REQUIRED QUALIFICATIONS**

If you have passion for the work described above, here are the basic qualifications we are looking for:

- Degree or equivalent work experience in related field other relevant discipline or equivalent combination of qualifications
- Expert level in at least three of the following areas and a high level of experience in several of the other areas;
- Security Incidents Event Management products (SIEM) - e.g. Splunk,
- Network Based Intrusion Detection Systems (NIDS) - e.g. SourceFire, Palo Alto Network Threat Prevention
- Host Based Intrusion Detection Systems (HIDS)
- Full Packet Capture systems - e.g. Niksun, RSA/NetWitness,
- A variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
- Computer forensics tools (stand alone, online and network)
- Computer incident response centre (CIRT), computer emergency response team (CERT)
- Computer security tools (Vulnerability Assessment, Anti-virus, Protocol Analysis, Anti-Virus, Protocol Analysis, Anti-Spyware, etc)
- Proficiency in Intrusion/Incident Detection and Handling,
- Solid knowledge and experience in Splunk Enterprise Security suite. Exceptionally this requirement can be compensated with proven level of expertise in network analysis and threat hunting.
- In possession of an active National and/or NATO Secret security clearance

**DESIRED SKILLS**
- Industry leading certification in the area of Cybersecurity such as GCIA, GNFA, GCIH.
- A good understanding of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
- A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
- Solid knowledge and experience in threat hunting in corporate/government level environment
- Strong knowledge of malware families and network attack vectors
- Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
- Ability to analyze attack vectors against a particular system to determine attack surface
- Ability to produce contextual attack models applied to a scenario

**EQUAL OPPORTUNITY EMPLOYER**

MCR, LLC is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability,