Threat Defense Operations Lead

McLean, Virginia, United States
May 28, 2018
Jun 06, 2018
Full Time
Job Description Job Number: R0011687

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Threat Defense Operations Lead

Key Role:

Serve as a subject matter expert and manager for client-facing tasks, including the assessment, design, and implementation of a variety of enterprise security prevention, detection, and response capabilities. Build, manage, and implement security analytic use cases for analytic tools, including Splunk to detect and respond to threats. Develop and enhance security device rules, queries, filters, dashboards, reports, channels, and custom active lists. Assess, recommend, enhance, implement, and monitor a variety of security tools spanning multiple capabilities, including intrusion detection and prevention and security analytics. Perform retrospective anomaly and malware detection, leveraging client-facing tools and adapt to new toolsets. Integrate multiple sources of threat intelligence, including YARA rules, OpenIOC, and general reports into various security tools and work closely with additional client security teams to develop, tune, automate, and enhance network and host-based security devices. Manage a team in the event of a Cyber intrusion or incident, perform extensive network and host triage, maintain strict chain-of-custody, develop documentation and reports, and perform remediation. This position will require extensive travel to high profile commercial client sites throughout the US, up to 75% of the time and is located in the Washington, DC metro area.

Basic Qualifications:

-7+ years of experience with incident response, security operations, or Cybersecurity

-Experience with managing a security operations center or a team of analysts performing assessment, design, and implementation of enterprise security prevention, detection, and response capabilities

-Experience with SIEMs, including dashboard and report generation and analysis

-Experience with analyzing network and host logs to identify outliers and anomalies and creating, leveraging, and implementing IOC datasets, including YARA or OpenIOC

-Experience with implementing and maintaining network security devices

-Knowledge of offensive and defensive host and network security techniques

-Knowledge of common network and host security technologies and Cyber threat intelligence processes

-Ability to obtain a security clearance

Additional Qualifications:

-2+ years of experience with leading staff in project or task delivery

-Experience with scripting languages

-Experience with performing anomaly or malware hunts

-Experience with malware analysis, including static and dynamic analyses

-Experience with data loss prevention techniques and tools

-Knowledge of the Windows file system and areas of persistence

-BA or BS degree in CS, IT, Cybersecurity, or a related field

-Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other relevant GIAC Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by their side to help them achieve their missions.  Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.


Similar jobs