Job Description :
Gather, extract, and disseminate open source intelligence (OSINT) on threat actors targeting the HHS, health care industry, government agencies in general, as well as public sector.
Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to Splunk, Threat Connect, Risk Vision, and RiskIQ.
Provide Subject Matter Expert (SME) level evaluation on threats to an enterprise network as well as new technologies that could be leveraged to protect it by identifying security gaps with advanced analysis. Produce ‘white papers’ to the customer to clearly document threat and how to address.
Work with industry partners to gather and share intelligence. Apply intelligence to the HHS network and systems to proactively identify potential cyber threats.
Review audit logs and identify any unusual or suspect behavior
Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
Provide proactive APT hunting, incident response support, and advanced analytic capabilities
Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)Provide security solutions and interpretations of security policies as they relate to specific security infrastructure, architectures, and information systems in customer environment.
Coordinate meetings, compile reporting and manage deliverables.
Ensure IT security policies and controls are adequately addressed by conducting periodic quality control measurements including but not limited to IT security evaluations, audits, and reviews to verify that systems under customer purview are operating in a manner consistent with DHHS, DHS Security Policies, controls, and standards.
Evaluate, document and coordinate technical cybersecurity capabilities of various groups supporting the client, with an emphasis on risk, compliance, controls, and logging.
Assist team in implementation and maintenance of various Cyber Operations systems and applications as needed; for example, NAC, IDS, etc.