Senior Cyber Hunt and Incident Response Analyst (Host/Endpoint)

phia, LLC

  • Full Time
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
We are seeking a Senior Cyber Hunt & Incident Response Analyst to support a large Federal threat hunting organization. In this position, you will be on the front line of responding to national and international cyber intrusions, teaming with agency and private sector partners to secure America’s critical infrastructure. These engagements entail performing host forensics and endpoint analysis to identify, understand, and counter cyber threat actor activity. Come join our cutting-edge team working on stopping some of the world’s most advanced adversaries. This position is a hybrid role, with scheduled on-site work at a customer site in Arlington, VA.

What You’ll Do

  • Provide senior-level technical subject matter expertise and support as part of a team of analysts focused on host-level digital forensics and endpoint detection & response (DFIR / EDR).
  • Perform analysis of logs/artifacts from a variety of sources (host/network alerts, host logs, network traffic logs, malicious files, registry, filesystems, etc.) to identify threats.
  • Provide technical assistance on digital evidence matters and forensic investigative techniques.
  • Perform analyses on hosts running on a variety of platforms and operating systems.
  • Oversee forensic analysis and mentor others on data collection, analysis, and reporting in support of both remote and on-site engagements.
  • Perform real-time hunt and incident response tasks (data collection, intrusion correlation/tracking, threat analysis, timeline construction) and advise on remediation activities.
  • Build and maintain proficiency with a variety of host forensic and endpoint detection & response (EDR) tools and capabilities (e.g., EnCase, FTK, SIFT, Volatility, Magnet Forensics, CrowdStrike, Mandiant/GRR, SentinelOne, Microsoft/MDE, etc.). Utilize Splunk and other data analysis, visualization, and correlation tools to support hunt and IR engagements.
  • Summarize and document analysis findings in executive summaries and in-depth technical reports.
Required: Education + Experience

  • Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering, or a related area of study. If no degree is held, candidates must have 7-9 years of hunt/incident response experience.
  • 8+ years of directly relevant experience in cyber forensic investigations.
  • Experience in supporting and leading Incident Response teams.
  • Experience writing thorough cyber investigative reports detailing incident findings.
  • Proficiency with analysis and characterization of cyber-attacks (Kill Chain, MITRE ATT&CK).
  • Proficiency with common operating systems (Linux/Unix, Windows), with a demonstrated understanding of how they may be compromised.
  • Skilled in identifying different classes of attacks and attack stages.
  • Experience using Splunk.
Security Clearance

  • Must be a U.S. citizen.
  • Active Top Secret security clearance, with the ability to obtain SCI.
  • DHS EOD suitability will be required prior to start.
Certifications (One or more)

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Forensic Analyst (GCFA)
  • EnCase Certified Examiner (EnCE)
  • Certified Forensic Computer Examiner (CFCE)
  • Certified Information Systems Security Professional (CISSP)
Who You Are

  • A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment.
  • Intellectually curious, with a genuine desire to learn and advance your career.
  • An effective communicator, both verbally and in writing.
  • Customer service-oriented and mission-focused.
  • Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Who We Are

phia, LLC is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance, including dental and vision
  • Short-Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.