Threat Defense Operations Lead

Booz Allen Hamilton

Denver, CO

Industry: Accounting, Finance & Insurance


8 - 10 years

Posted 172 days ago

Job Number: R0011687

Key Role:

Serve as a subject matter expert and manager for client-facing tasks, including the assessment, design, and implementation of a variety of enterprise security prevention, detection, and response capabilities. Build, manage, and implement security analytic use cases for analytic tools, including Splunk, to detect and respond to threats. Develop and enhance security device rules, queries, filters, dashboards, reports, channels, and custom active lists. Assess, recommend, enhance, implement, and monitor a variety of security tools spanning multiple capabilities, including intrusion detection and prevention and security analytics. Perform retrospective anomaly and malware detection, leveraging client-facing tools, and adapt to new toolsets. Integrate multiple sources of threat intelligence, including YARA rules, OpenIOC, and general reports, into various security tools, and work closely with additional client security teams to develop, tune, automate, and enhance network- and host-based security devices. Manage a team in the event of a Cyber intrusion or incident, perform extensive network and host triage, maintain strict chain of custody, develop documentation and reports, and perform remediation. This position will require extensive travel to high-profile commercial client sites throughout the US, up to 75% of the time, and is located in the Washington, DC metro area.

Basic Qualifications:

- 7+ years of experience with incident response, security operations, or Cybersecurity

- Experience with managing a security operations center or a team of analysts performing assessment, design, and implementation of enterprise security prevention, detection, and response capabilities

- Experience with SIEMs, including dashboard and report generation and analysis

- Experience with analyzing network and host logs to identify outliers and anomalies and creating, leveraging, and implementing IOC datasets, including YARA or OpenIOC

- Experience with implementing and maintaining network security devices

- Knowledge of offensive and defensive host and network security techniques

- Knowledge of common network and host security technologies and Cyber threat intelligence processes

- Ability to obtain a security clearance

Additional Qualifications:

- 2+ years of experience with leading staff in project or task delivery

- Experience with scripting languages

- Experience with performing anomaly or malware hunts

- Experience with malware analysis, including static and dynamic analyses

- Experience with data loss prevention techniques and tools

- Knowledge of the Windows file system and areas of persistence

- BA or BS degree in CS, IT, Cybersecurity, or a related field

- Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other relevant GIAC certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.