Threat Hunt Lead -- Top Secret in Herndon, Virginia at General Dynamics Information Technology
Job Function: Information Technology
General Dynamics Information Technology
Herndon, Virginia, 20170, United States
Job Description
USA VA Herndon - 13857 Mclearen Road (VAS091)
Full time
RQ219655
Type of Requisition:
Regular
Clearance Level Must Currently Possess:
Top Secret
Clearance Level Must Be Able to Obtain:
Top Secret
Public Trust/Other Required:
None
Job Family:
Cyber and IT Risk Management
Job Qualifications:
Skills:
Cyber Operations, Cyber Threat Analysis, Cyber Threat Modeling, Team Management
Certifications:
None
Experience:
10 + years of related experience
US Citizenship Required:
Yes
Job Description:
The Threat Hunt Lead is responsible for overseeing all cyber threat hunt, adversary analysis, malware analysis, and digital forensics mission activities under an upcoming government contract. Hunts will include operations within sensitive environments such as Operational Technology (OT), Industrial Control Systems (ICS), and other Critical Infrastructure (CI) networks.
The successful leader directs multidisciplinary hunt and forensic teams providing full-spectrum detection, analysis, and response capabilities that enable federal stakeholders to identify, understand, and counter sophisticated cyber threats across federal, State, Local, Tribal, and Territorial (SLTT), commercial, critical infrastructure, and cloud environments.
The Threat Hunt Lead ensures continuous detection of adversary behavior, manages simultaneously deployed hunt operations, oversees advanced malware and forensics workflows, and delivers high quality analytic products that inform national cyber defense actions. The role maintains readiness of personnel, tools, and flyaway kits to support rapid, remote, or onsite engagements.
Key Responsibilities
Adversary, Malware, and Forensics Analysis Oversight
- Oversee simultaneously deployed hunt operations teams performing adversary tool analysis, including dynamic and static malware analysis and full reverse engineering of binaries, scripts, malicious documents, and artifacts to determine functionality, behavior, and command and control mechanisms.
- Oversee simultaneously deployed teams conducting digital forensic analysis of affected systems to determine malware impact, persistence mechanisms, and threat actor behavior.
- Deep understanding of all levels of threat actor tools, techniques and procedures (TTPs) that actor(s) may deploy including advanced (AI/ML) modeling techniques.
- Extensive knowledge of emerging, established and nation-state level threat actor behaviors to include subversion and/or false flag operations techniques designed to circumvent established cyber inspections tools.
- In-depth ability to adapt to diverse cyber environments in which managed teams may not have access to on-site cyber tools (event correlation mechanisms) and manage teams that may need to "live off the land" with on-site-provided cyber tools.
- Strong knowledge of air-gapped environments and how to direct simultaneously deployed hunt teams within them to ensure consistent reporting.
- Ensure simultaneously deployed teams develop custom scripts, tools, and analytic methods to identify, characterize, and visualize adversary techniques across hunt, malware, and forensics workflows within both established and atypical cyber environments (e.g., OT/ICS and commercial environments).
- Ensure production of high quality indicators of compromise, detection artifacts, and adversary capability assessments that support national cyber defense operations.
Threat Hunt Operations Management
- Oversee full spectrum hunt and incident response engagements, onsite and/or remote, ensuring simultaneously deployed teams identify threats, assess impact, and recommend remedial actions to local stakeholders.
- Direct continuous analysis of established and atypical cyber defense sensor data, endpoint activity, network flows, cloud telemetry, and communications data to detect adversarial behavior and anomalous activity.
- Ensure simultaneously deployed hunt teams maintain continuous awareness of emerging attack techniques, threat actors, tools, and methodologies to remain effective and up to date.
- Oversee both classified and unclassified delivery of federal stakeholder branded analytic products, intelligence deliverables, threat assessments, and technical reports that contextualize adversary activity.
- Determine the mechanisms for the timely and accurate release of indicators to best ensure a proactive threat posture against cyber threat actors.
- Prepare, support the delivery of and oversee the creation of on-demand and formal reporting so as to ensure the timely and accurate reporting of shifting threat actor TTPs regardless of attribution.
- Understand, direct, oversee, and ensure adherence to established reporting frameworks such as MITRE ATT&CK (Enterprise, Mobile, ICS, etc.).
Host Based, Network, Cloud, and OT/ICS Forensics Leadership
- Oversee simultaneously deployed teams performing forensic examination across host systems and digital media (phones, hard drives, memory images, etc.).
- Direct simultaneously deployed network forensics operations to identify threat attacker behavior, develop network signatures, analyze network traffic and configurations, and produce authoritative forensic reports.
- Oversee simultaneously deployed cloud forensic teams.
- Manage simultaneously deployed OT/ICS forensic teams conducting analysis across industrial control systems.
- Support, lead, direct and oversee appropriate remediation suggestions and work with appropriate local stakeholders including OT/ICS engineers.
Malware Analysis and Operations Oversight
- Oversee simultaneously deployed malware operations teams responsible for evaluating complex malicious code, performing static/dynamic analysis, triaging samples, and generating high quality technical reports.
- Ensure development of custom detection signatures (YARA, SIGMA) and automated cleanup tools to enhance detection and remediation activities.
- Oversee team's simultaneously deployed workflows for the management of malware submissions to pre-approved stakeholders only and where/when applicable, include triage, prioritization, and status tracking.
- Ensure teams develop metrics to evaluate analysis throughput, accuracy, timeliness, and mission impact.
Operational Processes, Procedures, and Performance Metrics
- Oversee the stakeholder approved development, maintenance, and improvement of Standard Operating Procedures (SOPs), playbooks, analytic processes, workflows, robotic process automations (RPAs) and procedures supporting hunt, malware, and forensic operations.
- Ensure simultaneously deployed teams contribute to performance metrics measuring forensic effectiveness, response quality, hunt mission impact, and operational readiness.
- Oversee the threat hunt team's participation in classified and unclassified interagency technical exchanges and communities of interest to strengthen national cyber defense integration.
Deployable Hunt and Forensic Capability Management (Flyaway Kits)
- Oversee readiness of all deployable hunt and forensics resources, including full-capacity and reduced-capacity flyaway kits, storage media, imaging systems, and tools.
- Ensure kits are provisioned, tested, updated, sanitized, and secured in accordance with chain-of-custody and data handling requirements.
- Oversee rapid deployment capabilities supporting simultaneously deployed remote or onsite incident response, exercises, and surge support events.
Required Qualifications
- Experience leading simultaneously deployed hunt, malware analysis, digital forensics, or incident response teams within large-scale, enterprise, commercial, and OT/ICS cyber defense programs.
- Deep knowledge of nation state, emerging and established adversary TTP analysis, reverse engineering, forensic acquisition, and threat detection methodologies.
- Deep understanding of and experience with host-based, network, cloud, and OT/ICS forensics.
- Strong understanding of malware analysis, dynamic/static analysis tools, and detection signature development across multiple operating environments, including OT/ICS.
- Ability to oversee multidisciplinary teams and coordinate multiple concurrent engagements.
- Strong communication, reporting, and analytic leadership skills.
- 10 years of overall cybersecurity experience, with 5 years of management of cybersecurity teams.
Preferred Qualifications
- Experience supporting federal stakeholders such as DHS, DoW, the Intelligence Community (IC), the FBI, and/or other national security cyber missions.
- Experience supporting commercial threat hunting operations.
- Experience supporting, leading, and/or directing threat hunt teams within OT/ICS environments.
- Experience supporting, leading, and/or directing cyber protection teams.
- Significant hands-on experience with advanced threat hunting techniques in air-gapped and/or otherwise sensitive operating environments.
- Certifications such as GREM, Certified Threat Hunter (MTH), Offensive Security Certified Professional Plus (OSCP+), GIAC Penetration Tester (GPEN), GCTI, GNFA, GRID, CRTO, or similar advanced technical credentials.
- Experience with ATT&CK frameworks across Enterprise, Cloud, and ICS.
- Experience managing deployable cyber hunt kits or rapid response teams.
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Community: Award-winning culture of innovation and a military-friendly workplace
The likely salary range for this position is $170,000 - $230,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours:
40
Travel Required:
Less than 10%
Telecommuting Options:
Hybrid
Work Location:
USA VA Herndon
Additional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
About Us
Join our 30,000 everyday heroes. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.