New & Noteworthy

Lessons Learned From Data Science Application to Cyber Security Network Logs

The majority of modern operational detection capabilities rely on detection signatures. To help move beyond signatures, data science techniques are actively being explored to detect threats that signatures miss.

Hunting GitHub Usernames

gitrax.py is a tool for searching GitHub usernames via the GitHub API; in this article, we walk through an example of hunting and pivoting through this API tracking users in the Gentoo breach.

Time Signature Based Matching

The ability to detect automated behavior within cyber relevant log data is a useful tool for the network defender, as malicious activity executed by scripts or bots is likely to leave behind identifiable traces in logs.

Presentations

DIY OSINT Collection with Scumblr

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. With OSINT, you can enhance awareness of cyber security threats toward your landscape, and use this understanding to augment security decisions for your organization.

Operationalizing Indicators

Are you inundated with reports from vendors, notes hurriedly documented in a text file, or a CSV file filled with indicators from the last few years? You’re not alone.

A First-Timer's RSA Conference Experience: Part 1

This is the first of a two-part blog series about a data scientist's first experience at RSA Conference from guest blogger Lauren Deason, lead data scientist at PUNCH Cyber Analytics.

Have I Seen You Before?

Using Splunk to Find Previously Unobserved HTTP and Email Traffic On Your Network.

Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs

The ability to detect automated behavior within cyber log data is a useful tool for the network defender, as malicious activity executed by scripts or bots is likely to leave behind identifiable traces in logs.

Jobs

Cloud and DevOps Engineer

Position Description: The Cloud and DevOps Engineer will initially be responsible for managing two Cloudera clusters, one in a GovCloud/AWS environment and one on-premises cluster. This includes managing and maintaining the data ingest and ETL scripts currently used to process terabytes of data from an S3 bucket. They will also be responsible for maintaining data storage and compute resources across competing processes (Hive, Impala, Spark). A key component of this job will be the ability to assist in planning for future architecture changes with HBase, Kafka, and Apex in pursuit of a new data ingest pipeline coupled with data enrichment.

Desired Skills:
  • Strong Unix sys admin skills
    • RedHat / CentOS
    • Puppet, Ansible
    • LDAP and certificate management (e.g. SSL)
    • Security hardening
    • Continuous monitoring and maintenance
    • Familiar with government security accreditation processes
  • Strong understanding/administration of Hadoop ecosystem
    • Cloudera, Hortonworks stacks
    • HDFS, YARN
    • Hive, Impala, HBase, Kafka
    • Spark
  • Experience administering in cloud (AWS/GovCloud) environment
  • Good development skills
    • Java, Python, Bash
  • Experience ingesting and processing large amounts of data
    • Scaling/distributing ingest processes
    • Familiarity with a variety of data formats (json, xml, binary mapping)
    • Data validation and gotchas (e.g., character encodings, de-duplication)
  • Able to get a Secret level clearance (or currently possess one)

PUNCH Cyber Analytics Group

Phone: 703-594-7266

Email: info@punchcyber.com