Job Details

Business Operational Concepts (BOC) is a recognized leader in providing Technical and Program Management Services, Information Technology, and Support.

BOC has enabled their Government and Commercial clients to achieve their organizational initiatives through the application of high quality, innovative, and cost-effective professional services and solutions.  We provide a positive working environment, with opportunities for advancement in our growing Federal sector workforce. 

We offer an excellent compensation package which includes a generous salary, insurance (medical, dental, etc.), paid leave, 401k plan and more. We are committed to the diversity we bring to the marketplace and believe customer satisfaction comes first.

JOB SUMMARY: 

Business Operational Concepts (BOC) is currently seeking a seeking a Threat Hunting and Forensics Analyst to work with our federal client. The ideal candidate will serve as a Threat Hunting and Forensics Analyst within the federal client’s Cybersecurity Division – Cyber Integration Center. A highly motivated individual with strong technical, communication, and organizational skills will succeed in this program.

The federal client’s Threat Hunting and Forensics (THF) Team is responsible for performing two critical cyber security functions. The first being digital forensics in support of cybersecurity incidents requiring detailed analysis to reconstruct the series of events that led to a compromise or breach. The Threat Hunt and Forensics Team collects, processes, analyzes, preserves, and presents computer-related evidence in support of cyber incidents, law enforcement, fraud, or counterintelligence.

The THF Team also performs advanced cyber threat hunting throughout the IT enterprise, going far beyond simple indicator of compromise (IOC) sweeps. The THF Team analyzes detailed information and intelligence on known and emerging Advanced Persistent Threat (APT) and cybercriminal actors to develop attack hypotheses relevant to the federal client’s IT enterprise. Working collaboratively with the client’s Cyber Threat Intelligence (CTI) Team and Continuous Penetration Testing Team, threat hunts are designed to find any internal indications of adversary activity.

DUTIES AND RESPONSIBILITIES:

• Perform active cyber threat hunt activities based on current cyber threat intelligence and the MITRE ATT&CK Framework.
• Build queries, alerts, and automations to monitor activities and traffic across the network.
• Perform detailed analysis to reconstruct the series of events that led to a compromise or breach.
• Collaborate with the CTI Team to establish relevant tactics, techniques and procedures for prioritized cyber actors identified in the threat model.
• Collaborate with the Security Operations Center (SOC) to continuously develop and tune alerts and automations to detect and repel threat to the federal client’s operations.
• Develop cyber hunt activities based on attack hypotheses to identify indications of potential compromise or breach.
• Possess advanced knowledge across various IT platforms in order to understand how attacks occur and what residual indicators might result.
• Develop, maintain, and update the Threat Hunting Concept of Operations (ConOps) and standard operating procedures (SOPs) as identified in contract deliverables.
• Collaborate with and support the Insider Threat Program.
• Execute proactive defense of the federal client’s systems through IOC sweeps, host interrogation, and persistent threat hunting.
• Conduct advanced analysis and adversary hunting activities in support of operations to proactively uncover evidence of adversary presence on federal client networks and follow Incident Handling processes for detected Insider Threat activity.
• Receive and apply intelligence from the CTI Team, including IOCs and TTPs, to hunt for activity within federal client networks.
• Provide status updates according to the reporting rhythm, maintain daily Activities Tracker, and prepare Enterprise Forensics, Malware Analysis and Advanced Hunting Plan & SOP as identified in contract deliverables.
• Preserve the user activity monitoring audit data chain of custody in accordance with Title 5 U.S.C. (aka Privacy Act) and in compliance with Federal and DHS regulations.
• Provide notification, escalation, and daily summary reports based on security event analysis in accordance with the current Federal requirements, DHS requirements and guidelines.
• Proactively search through networks to detect and isolate advanced threats that evade existing security solutions.
• Perform digital forensic analysis, including network, cloud, and host based.
• Collect, process, analyze, preserve, and present computer-related evidence in support of cyber incidents, law enforcement, and fraud or counterintelligence.
• Maintain a secure sandboxing solution, simulated Internet connectivity, multiple Antivirus vendor scanning capabilities, and other methods to safely determine malware affects and indicators.
• Ensure that the malware lab contains appropriate digital media analysis tools and equipment (i.e., spare hard drives for replication).
• Conduct forensic analysis of digital media or package and ship media to a designated computer forensic analysis team.
• Identify, analyze, reverse engineer, and de-obfuscate content related to cyber incidents in the lab environment isolated from the client’s networks.
• Serve as technical Subject Matter Experts (SMEs) within the team.
• Write, update, and modernize SOPs in accordance with applicable Federal policies, regulations, directives, and standards including, but not limited to, the current NIST Publications.
• Conduct formal digital forensic investigations and document findings in formal investigation reports.
• Conduct malware analysis and provide Malware Analysis Reports.
• Develop new security content, such as network IDS signatures, endpoint and SIEM Queries and attacker TTPs after reversing malware.
• Conduct purple team assessments in conjunction with the penetration testing team to measure effectiveness of existing logging and detection mechanisms and identify areas of improvement.

QUALIFICATIONS:

Required (Minimum) Qualifications – Education, Certification, Experience, and Skills

• High School or GED-General Educational Development-GED Diploma
• Bachelor’s degree in computer science or equivalent is preferred
• Minimum of five years’ hands-on experience
• Understanding of basic computer and networking technologies.
  • Windows and Linux operating systems
  • Networking technologies (routing, switching, VLANs, subnets, firewalls)
  • Common networking protocols – SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc.
  • Common enterprise technologies – Active Directory, Group Policy, and the Microsoft Azure suite of cloud services.
• Understanding of current system logging technology and retrieving information from a plethora of technology platforms.
• Familiarity with the MITRE ATT&CK Framework and deep, technical-level understanding of the major techniques contained within.
• Ability to work with or learn Microsoft Power BI.
• Ability to obtain and maintain Public Trust Security Clearance.
• Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Accordingly, U.S. Citizenship is required.
• Grasp of core THF concepts:
• Adversary Tactics, Techniques, and Procedures (TTPs): Deep familiarity with the MITRE ATT&CK framework and common APT behaviors.
• Hypothesis-Driven Hunting: Ability to form and test analytic hypotheses based on threat intelligence and anomalous activity.
  • Data Analysis & Correlation: Skilled at leveraging SIEM, EDR, and network telemetry to detect patterns and anomalies.
  • Indicators of Compromise (IOCs): Identifying, validating, and operationalizing IOCs across diverse data sources.
  • Forensic & Malware Analysis Fundamentals: Understanding of how to examine artifacts, logs, and malicious code behavior.
  • Automation & Scripting: Competence in Python, PowerShell, or similar languages to streamline hunting workflows. Excellent analytical and problem-solving skills. The preferred candidate should have the ability to work independently, but also to work as part of a team.
• Ability to research and understand log sources for new or unfamiliar systems, and learn how to distinguish between “normal” activity and anomalous/malicious activity on those systems.
• Familiarity with the Microsoft 365/Azure suite of products including Microsoft Sentinel and Microsoft 365 Defender.
• Ability to speak publicly within the organization at meetings with up to 100 participants.
• Willingness to take on and adapt to new, open-ended tasks for which there is no current standard operating procedure.
• Ability to research independently and self-teach.
• Proficiency with common enterprise AI tools such as ChatGPT and Microsoft CoPilot to enhance productivity.

Preferred Qualifications – Education, Certification, Experience, Skills, Knowledge, and Abilities

• Interest in security/hacking culture. Ability to “think like an attacker”
• Any threat hunting or forensics certification, especially:
  • eLearnSecurity Certified Threat Hunting Professional (eCTHPv2)
  • SANS GIAC Reverse Engineering Malware (GREM)
  • EC-Council Computer Hacking Forensic Investigator (CHFI)
• Any Microsoft 365/Azure cybersecurity certification, especially:
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Expertise in Microsoft Power BI
• Knowledge of common enterprise technologies, policies, and concepts such as:
  • Microsoft Sentinel SIEM
  • Kusto Query Language (KQL)
  • Mobile device technologies (iOS, Android)
  • Scripting experience (PowerShell, Python, etc.)
  • Azure DevOps
• Artificial Intelligence (AI) / Machine Learning (ML) expertise
  • In-depth knowledge of AI and ML concepts.
  • How to practically apply AI/ML technologies to enhance cyber threat hunting capabilities.
  • Experience with specific AI services offered within Microsoft Azure.

Business Operational Concepts, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.