Job Number: R0205491
Cyber Threat Hunter
The Opportunity:
Cyber threats are evolving, and perimeter security and automated protection
aren't enough. It's time to go threat hunting. We need your help in
detecting advanced cyber threats to the nation's critical infrastructure.
Instead of letting the attackers come to us, let's go find them.
We're looking for an experienced Cyber Threat Hunter who can think like an
attacker to develop solutions for finding threats that have evaded existing
security measures. You'll use your offensive and defensive experience to
rapidly prototype and develop detections to find intrusions. Work with our
team of cyber threat hunt experts to find the adversary and advise federal
customers on ways to close the gaps and harden their defenses.
With your technical expertise, you'll build creative solutions to help
your customers meet their toughest challenges. This is a chance to think
differently about cyber defense, use completely new tools and approaches,
and develop the next generation of security analytics.
Let's outsmart the adversary and secure part of the nation's critical
infrastructure.
Join us. The world can't wait.
You Have:
10+ years of experience supporting cyber operations in incident response,
threat hunting, detection engineering and/or offensive operations in
Windows and Linux environments
Experience with researching advanced threats and developing threat hunts on
emerging tactics and techniques
Experience with malware analysis, network packet captures and host log
forensics
Experience with SIEM platforms such as Elastic or Splunk for analysis,
visualization and development of threat hunt queries
Top Secret clearance
Bachelor's degree and 12+ years of experience with information assurance
or cybersecurity, or Master's degree and 8+ years of experience with
information assurance or cybersecurity
IAT Level III Certification, including CISSP, GCIH, CASP, or CISA
Certification
Nice If You Have:
Experience scoping and performing intelligence driven threat hunts
Experience with writing custom detections or scripting threat hunts on large
data sets
Experience with threat emulation or Purple Teams
Experience analyzing ICS and SCADA network traffic and host logs
Knowledge of virtualization and infrastructure as code
Experience with the U.S. Intelligence Community and using intelligence to
support cyber defensive operations
Experience with U.S. critical infrastructure cyber operations
Experience writing technical reports and briefing leadership
Clearance:
Applicants selected will be subject to a security investigation and may need
to meet eligibility requirements for access to classified information; Top
Secret clearance is required.
Compensation
At Booz Allen, we celebrate your contributions, provide you with
opportunities and choices, and support your total well-being. Our offerings
include health, life, disability, financial, and retirement
benefits, as well as paid leave, professional development, tuition
assistance, work-life programs, and dependent care. Our recognition awards
program acknowledges employees for exceptional performance and superior
demonstration of our values. Full-time and part-time employees working at
least 20 hours a week on a regular basis are eligible to participate in Booz
Allen's benefit programs. Individuals that do not meet the threshold are
only eligible for select offerings, not inclusive of health benefits. We
encourage you to learn more about our total benefits by visiting the Resource
page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not
limited to location, the individual's particular combination of
education, knowledge, skills, competencies, and experience, as well
as contract-specific affordability and organizational requirements. The
projected compensation range for this position is $96,600.00 to
$220,000.00 (annualized USD). The estimate displayed represents the
typical salary range for this position and is just one component of Booz
Allen's total compensation package for employees. This posting will close
within 90 days from the Posting Date.
Identity Statement
As part of the application process, you are expected to be on camera during
interviews and assessments. We reserve the right to take your picture to
verify your identity and prevent fraud.
Work Model
Our people-first culture prioritizes the benefits of flexibility and
collaboration, whether that happens in person or remotely.
If this position is listed as remote or hybrid, you'll periodically work
from a Booz Allen or client site facility.
If this position is listed as onsite, you'll work with colleagues and
clients in person, as needed for the specific role.
EEO Commitment
We're an equal employment opportunity/affirmative action employer that
empowers our people to fearlessly drive change - no matter their race,
color, ethnicity, religion, sex (including pregnancy, childbirth,