Cyber Threat Hunter

Leidos, Washington, DC (Hybrid)

About The Position

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission-critical, 24/7 operational support to the customer’s mission of protecting federal networked systems and services from cyber threats impacting national security. This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 – 1600), it supports a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

Requirements

  • Bachelor’s Degree with 8+ yrs of experience or Master’s Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
  • DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification, or obtain one within 180 days (e.g., CompTIA Security+, CySA+, GSEC, SSCP; or CASP+ CE, CCNP Security, CISA, GCED, GCIH).
  • DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification, or obtain one within 180 days (e.g., CompTIA CySA+, Cloud+, GIAC (Global Information Assurance Certification) GCIA).
  • DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification, or obtain one within 180 days (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, ISC2 SSCP).
  • Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.
  • Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.
  • Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

Nice To Haves

  • Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.
  • Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.
  • Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.
  • Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
  • Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.
  • AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

Responsibilities

  • Hypothesis-Driven Hunting: Develop and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
  • Advanced Telemetry Analysis: Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
  • Detection Engineering Pipeline: Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
  • Automated Countermeasure Deployment: Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
  • APT Targeting & Engagement: Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
  • Indications & Warnings (I&W) Integration: Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
  • Tactical Reporting & Metrics: Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organization's security posture.
  • Situational Awareness: Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

Benefits

  • Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.