Datum job openings in IT

EMPLOYMENT DETAIL

We provide highly competitive benefits, flexible contracting, opportunities for growth and a dedication to employee satisfaction.


Principal IT Security Analyst

Location: Atlanta, Georgia
ID Number: #SCS2010157

Our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services.

We are seeking an experienced and passionate Adversary Threat Hunter to join our Technology Security organization. This is a technical, hands-on and leadership role that requires the ability to self-direct and lead hunting engagements to find evidence of suspicious behavior, adversarial behavior, or unauthorized access to the company's network and systems. This position is responsible for advising threat hunting program objectives and strategy, leading and conducting proactive threat hunting engagements, advising the implementation of security technologies and controls to improve defensive posture, advising and implementing processes in support of investigations, advising detection engineering efforts, and supporting incident response efforts that arise from hunting engagements.

The ideal candidate will have a strong background in cyber security and security operations, with a blend of forensic, investigative, analytical, threat intelligence, and technical skills.

QUALIFICATIONS

Education

  • Bachelor’s degree in computer science, technology, engineering or security-related field or equivalent experience

Experience

  • Minimum 7 years IT security experience, or 5 years with Master’s degree
  • Broad knowledge of core information security principles (e.g. access control, least privilege, data integrity) and security capabilities
  • Thorough understanding of network design principles (including topology, protocols, network components, and principles) and virtualized infrastructures
  • Practical experience with Splunk, ArcSight or comparable Security Information and Event Management (SIEM)
  • Demonstrated experience in security operations, including SOC and security monitoring, incident response, host/network forensics, penetration testing, cyber threat intelligence, malware analysis, or security consulting
  • Demonstrated ability to work outside of the standard enterprise tools and alerts to identify adversarial behavior
  • Experience performing forensic analysis on Windows and LINUX/UNIX systems, including experience in:
      • SIEM search language, search techniques, alerts, dashboards, and report building
      • Developing and tuning use cases for SIEM alerts
      • Network and EDR/EDX
      • PCAP Analysis
      • Windows/Unix command line utilities
      • Reputation analysis associated with IPs, domains, and email addresses
      • Cloud application forensic analysis
      • IDS tools
  • Thorough understanding of TCP/IP network stack, network technologies, network traffic analysis and protocols
  • Strong knowledge of telecommunications and data network systems including IP addressing and naming (DNS, DHCP), LAN switching, core network switching and network routing protocols including OSPF and BGP
  • Basic understanding of regular expressions and common scripting languages (Perl, Python, PowerShell, Bash)
  • Basic understanding of YARA, Snort, Sigma or other similar detection logic is desirable
  • Experience with F5 Networks products (BIG-IP, ASM, GTM) strongly preferred
  • Experience with one or more security frameworks – Cloud Security Alliance, PCI DSS, Assurance Registry from the Cloud Security Alliance, NIST CSF, Cyber Kill Chain, Pyramid of Pain, Diamond Model for intrusion analysis and MITRE ATT&CK
  • Familiarity with the threat intelligence lifecycle and adversary TTPs, including Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT, or Insider Threat is ideal
  • Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channels, replay, return-oriented attacks)
  • Experience drafting Security Analyst processes and procedures for security operations
  • Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
  • Solid verbal and written communication skills required

JOB RESPONSIBILITIES

  • Advise development of program objectives, priorities, and strategy
  • Work with manager to identify and track specific metrics and outcomes to demonstrate team value proposition
  • Lead, design and conduct structured, hypothesis driven threat hunting engagements
  • Collect and analyze data from multiple sources and tools to discover evidence of anomalies and adversarial behavior
  • Monitor and analyze security tool alerts and SOC events to identify potential trends and priorities for targeted hunting engagements
  • Maintain knowledge of the current security threat landscape by monitoring related internet postings, intelligence reports and other sector-specific sources as necessary
  • Work alongside Cyber Threat Intelligence team to evaluate and gain knowledge regarding threat actor behaviors, TTPs, and cyber threat landscape
  • Support detection engineering team and security monitoring efforts by advising the development of enhanced SIEM detection content and capabilities to identify the presence of cyber threats or predict potential attacks
  • Advise and support implementation of security controls and solutions to improve defensive capabilities based on lessons learned from hunting engagements
  • Partner with Threat Analysis and Incident Response teams to create initiatives focused on evaluating threat actors’ techniques and identifying solutions to improve defensive capabilities
  • Support incident response, remediation, and recovery efforts identified through hunting engagements as well as development of threat scenarios, and response playbooks
  • Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
  • Collaborate with U.S. Government partners and agencies in support of hunting engagements
  • Assist manager with development of presentations and communication pieces for key stakeholders and senior leadership regarding hunting engagements, identified anomalies, suspicious activity or other potential threats
  • Present and communicate outcomes of hunting engagements with key stakeholders and business partners
  • Demonstrate company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment

JOB REQUIREMENTS

  • Must be willing and able to obtain and maintain US government security clearance
  • Required to submit to a thorough background examination
  • Strong technical consulting experience: ability to understand business requirements and present appropriate solutions
  • Ability to work independently or within a team
  • Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
  • Must pass NERC CIP & Insider Threat Protection background checks
  • One or more relevant industry certifications (GSEC, CISSP, GCIA, GMON, GCFA, GCFE, GREM, CEH, OSCP)
  • Occasional travel to local and regional locations in pursuit of the job duties and requirements

“All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.”

Recruiter: Lalit Mohan