Company Detail

Home / Company Detail
c
cFocus Software Inc.
Member Since,
Login to View contact details
Login
Add to Favourite Report Abuse Send Message

About Company

Job Openings

  • c

    Cyber Threat Hunter Senior with Security Clearance  

    cFocus Software Inc.
    - Washington
    Apply Now
    cFocus Software seeks a Cyber Threat Hunter (Senior) to join our progr... Read More
    cFocus Software seeks a Cyber Threat Hunter (Senior) to join our program supporting US Courts in Washington, DC. This position has remote capabilities. This position requires an active Public Trust clearance and must meet 8570 requirements. Required Qualifications include:
    5 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
    5 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security.
    5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike) and custom scripts (e.g. Sysmon & Auditd)
    5 years of experience with the following threat hunting tools:
    Microsoft Sentinel for threat hunting within Microsoft Azure;
    Tenable Nessus and SYN/ACK for vulnerability management;
    NetScout for analyzing network traffic flow;
    SPUR.us enrichment of addresses
    Mandiant Threat intel feeds
    Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
    Desired Qualifications include:
    One of the following certifications:
    GIAC Certified Intrusion Analyst (GCIA)
    GIAC Certified Incident Handler (GCIH)
    GIAC Continuous Monitoring (GMON)
    GIAC Defending Advanced Threats (GDAT)
    Splunk Core Power User
    Duties:
    Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting.
    The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric. The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations/ vulnerabilities, and identify visibility/detection gaps, if any. Human analytical thinking is imperative to the primary and extended missions as it is up to the threat hunter to find signs of an intrusion that have bypassed the automatic detection process that may already be in place.
    Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
    Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
    Review open-source intelligence about threat actors when developing hunt hypotheses.
    Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
    At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
    Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
    Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
    Track and document cyber defense incidents from initial detection through final resolution.
    Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
    Participate in government led after action reviews of incidents.
    Triage malware events to identify the root cause of specific activity.
    Attend daily Agile Scrum standups and report progress on assigned Jira stories.
    Deliverables:
    Hunt Hypotheses: Hunt hypotheses describe how an actor might operate in the network while remaining undetected. The hypothesis describes what is expected to happen if the hypothesis is true and what is expected to happen if the hypothesis is false. The hypothesis contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
    Hunt Reports: Hunt reports describe the original hypothesis and all iterations. At each stage, the report details how the hypothesis was tested and the results. The reports contain all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
    Detection Logic: Document and test detection logic for automated detection of threat actor activity based on hunt hypothesis. Detection logic in the form of Splunk Enterprise Security (ES) searches that are run at proposed intervals. Proposal and discussion will happen in agile scrum stand up meetings. Document in Jira stories.
    Advanced SME IR Reports: Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365).
    Incident Report: Document all incident details in an incident report. Report shall include executive summary, details of incident, security impact of incident, timeline of incident, and actions taken.
    Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on.
    Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases. Read Less
    Apply Now
  • c

    Malware and Forensic Analyst (Senior) with Security Clearance  

    cFocus Software Inc.
    - Washington
    Apply Now
    cFocus Software seeks a Malware and Forensic Analyst (Senior) to join... Read More
    cFocus Software seeks a Malware and Forensic Analyst (Senior) to join our program supporting US Courts in Washington, DC. This position has remote capabilities. Required Qualifications include:
    5 years of experience analyzing forensic artifacts, performing filesystem timeline analyses, and identifying intrusion root causes of operating systems (e.g., Windows, Linux, and macOS)
    5 years of experience utilizing the following forensics tools:
    Magnet AXIOM to acquire, analyze, and report on digital evidence;
    SANS SIFT Workstation for disk/memory analysis, network forensics, and malware analysis;
    Encase to collect, analyze, and report on digital evidence;
    Velociraptor to collect and analyze data from multiple endpoints;
    KAPE (Eric Zimmerman's tools) to collect and process files;
    SUMURI TALINO Workstations/Laptops
    Cellebrite
    Bi-Weekly Threat Assessment Reports (BTARs)
    Must have ability to perform required forensics/malware analyst duties, including:
    Create duplicates of evidence that ensure the original evidence is not unintentionally modified;
    Extracting deleted data using data carving techniques
    Performing static and dynamic malware analysis to discover indicators of compromise (IOCs)
    Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
    Desired Qualifications include:
    One of the following certifications:
    GIAC Certified Intrusion Analyst (GCIA)
    GIAC Certified Incident Handler (GCIH)
    GIAC Continuous Monitoring (GMON)
    GIAC Defending Advanced Threats (GDAT)
    Splunk Core Power User
    EnCase Certified Examiner
    SANS GCFA
    Volatility Certified Duties:
    Provides digital forensics and incident response support to the AOUSC Security Operations Center (SOC). Collects, analyzes, and evaluates forensic artifacts associated with threat activity against Judiciary networks. Products created by the analyst assist the SOC and the Courts in understanding the nature and impact of cyber incidents, allowing for informed decision making in prioritizing, addressing, and mitigating risk across the Judicial Branch of Government.
    Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now) for advanced subject matter expert (SME) technical investigative support for real-time incident response (IR). IR includes cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (e.g., Zscaler).
    Create duplicates of evidence that ensure the original evidence is not unintentionally modified. AOUSC supplied procedures and tools shall be used to acquire the evidence.
    Analyze forensic artifacts of operating systems (e.g., Windows, Linux, and macOS) to discover elements of an intrusion and identify root cause.
    Perform live forensic analysis based on SIEM data (e.g., Splunk).
    Perform filesystem timeline analysis for inclusion in forensic report.
    Extract deleted data using data carving techniques.
    Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
    Perform static and dynamic malware analysis to discover indicators of compromise (IOC).
    Analyze memory images to identify malicious patterns using Judiciary tools (e.g. Volatility). Analysis results documented in forensics report.
    Additional forensics/malware analysis activities may include:
    Perform efficient and prioritized identification of cyber security threats and incidents with an emphasis on clear articulation of the potential threat(s) and actualized risks associated with such threats and incidents.
    Objectively measure reduction of adversary dwell time within judicial networks.
    Perform comprehensive analysis of security incidents for identification of root cause in support of detection improvements and risk mitigations. Deliverables:
    Image Duplication: Duplication of evidence for processing by multiple analysts. Requests received via AOUSC ITSM (Heat or Service Now)
    Deleted Files: Deleted files supplied to requestor.
    Advanced SME IR Reports: Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365).
    Incident Reports: All forensic reports include a timeline. The timeline includes network, endpoint, and application events (if available). The report contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
    Forensic Reports: Document the results of a forensic investigation. Report will include a table of contents, executive summary, timeline of events, and a conclusion.
    Malware Analysis Reports: Document the results of analyzing a specific malware specimen. Report shall include a table of contents, executive summary, technical details, indication of persistence mechanisms and a conclusion.
    Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on.
    Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases. Read Less
    Apply Now
Load more jobs loading image.

Company Detail

  • Is Email Verified
    No
  • Total Employees
  • Established In
  • Current jobs

Google Map

Quick Links
For Jobseekers
For Employers
Contact Us
Astrid-Lindgren-Weg 12 38229 Salzgitter Germany
+49 5341 1888818
Copyright © 2025 QuickToJobs - All Rights Reserved