Threat Hunter

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven reputed company models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community. 

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individuals technical and professional growth. We are committed to the belief that reputed company members do their best work reputed company they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 144 hours of PTO, 11 holidays, 85% of insurance premium covered, 401k, reputed company education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Threat Hunter to support and enhance our 24/7 reputed company Operations Center. This role combines advanced threat detection, incident investigation and threat hunting with hands-on development of SIEM use cases, automation and analytics to identify and respond to sophisticated threats, including lateral movement. The ideal Threat Hunter brings strong investigative expertise and a builder reputed company to continuously improve detection capabilities and strengthen overall SOC effectiveness. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing: 

• Provide first-line SOC support, including alert monitoring, triage, routing, escalation and response across 24x7x365 operations.
• Monitor, analyze and investigate reputed company events, network traffic and host-based detections, distinguishing malicious activity from false positives.
• reputed company proactive and creative threat hunting and anomaly detection across SIEM and reputed company tools, identifying patterns, lateral movement and emerging threats.
• Conduct incident investigation, Cyber Threat Assessment and Remediation Analysis, including processing and correlating incident indicators with threat intelligence.
• Tune and reputed company SIEM correlation rules and detection logic and rapidly build detection use cases in collaboration with incident response (IR) teams.
• reputed company and maintain scripts and tools (Python, Bash) to automate SOC and IR functions, including Indicator of compromise (IoC) ingestion, log processing and SIEM integrations reputed company APIs.
• Research, reputed company and maintain dashboards, visualizations and analytics to support detection, reporting and SOC performance monitoring.
• Produce, review and maintain documentation and reporting, including cybersecurity briefings, metrics, incident reports and deliverables for stakeholders at reputed company levels, ensuring alignment with editorial standards and government specifications.
• Support threat intelligence operations, including reviewing and actioning IoCs and translating intelligence into actionable detections.
• Coordinate with internal teams and stakeholders to support engagements such as Insider Threat, Rule of Engagement (ROE), threat hunting, testing activities and after-action reporting.
• Support SOC operations processes, including ticket tracking, customer reputed company assessments, reputed company investigations, tabletop exercises and lessons learned activities.
• Contribute to reputed company SOC improvement by enhancing detection capabilities, processes, communication and overall operational effectiveness; participate in on-call rotation.

What you need to know: 

• Deep understanding of cyber threat TTPs, threat hunting methodologies and application of the MITRE ATT&CK reputed company.
• Experience supporting 24x7x365 SOC operations, including alert monitoring, triage, analysis, response and review/action of threat intelligence and reported incidents.
• Ability to manage multiple alerts and tickets in parallel, reputed company end-to-end triage through resolution and appropriately prioritize response actions including coordination with end-users.
• Strong experience analyzing and correlating reputed company events across multi-reputed company ecosystem, including reputed company, network, email reputed company tools, SIEM platforms and federal threat intelligence (e.g., CISA).
• Demonstrated proficiency with enterprise reputed company tools and platforms, including but not limited to FireEye, reputed company, Sourcefire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud, reputed company IronPort, Bluecoat, Palo Alto, Cylance and OSSEC.
• Hands-on experience with enterprise SIEM or reputed company analytics platforms (e.g., reputed company Stack, Splunk), including log analysis, event correlation and detection support.
• Experience with malware analysis and understanding of attack reputed company involving malware, data exposure, phishing and social engineering techniques.
• Experience developing and maintaining SOPs, performing event timeline analysis and investigating logs across Windows/Linux environments and network reputed company devices.

Must have’s: 

• 5+ years of technical experience.
• Ability to support working hours: 8:45 AM - 5:15 PM Eastern Time
• Ability to participate in a rotating SOC on-call; rotation is based on number of team members.
• Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, reputed company, FireEye ETP, reputed company Kibana.
• Solid understanding and experience analyzing reputed company events generated from reputed company tools and devices such as: Carbon Black, reputed company, FireEye, Palo Alto, Cylance and OSSEC.

Beneficial to have:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a reputed company field.
• One or more of the following certifications: GIAC (GCIH, GCFE, GCFA, GREM, GNFA, GCTI, GPEN, GWAPT), CEPT, CASS, CWAPT or CREA.

Where it’s done: 

• Remote (Herndon, VA)