Cyber Threat Hunter, Mid

Booz Allen Hamilton, Bethesda, MD
$62,000 - $141,000

About The Position

Support the Cyber Security Operations Division by proactively identifying malicious activity, uncovering hidden threats, and strengthening the organization's defensive posture. Conduct hypothesis‑driven hunts across enterprise networks, leveraging threat intelligence, adversary TTPs, and behavioral analytics to detect early indicators of compromise. Perform deep‑dive analysis of logs, endpoint telemetry, and network data to validate findings, uncover patterns, and escalate confirmed threats to SOC and IR teams. Contribute to the continuous improvement of detection capabilities by developing new analytics, refining existing logic, and identifying visibility gaps across the environment. Document repeatable workflows, produce high‑quality hunt reports, and brief leadership and mission stakeholders on emerging threats, hunt outcomes, and recommended defensive improvements. Collaborate closely with SOC, IR, CTI, and platform engineering teams to operationalize intelligence, integrate new data sources, and mature the organization's hunt program.

Requirements

  • 2+ years of experience analyzing adversary behaviors, developing hunt hypotheses, and executing structured, hypothesis-driven hunt operations
  • Experience conducting hunts aligned to MITRE ATT&CK and hunting frameworks such as Splunk PEAK
  • Experience leveraging threat intelligence and emerging adversary TTPs to develop hunt hypotheses
  • Experience performing advanced analytics, log analysis, and forensic triage to support CI and threat investigations
  • Experience maintaining documentation, including SOPs, analytic development notes, deployment records, and review cycles that provide repeatable and auditable workflows
  • Ability to translate hunt findings into actionable improvements, such as detection enhancements, visibility recommendations, and updated playbooks
  • Ability to produce hunt reports, brief leadership, and collaborate with SOC and IR teams
  • Public Trust
  • Bachelor's degree

Nice To Haves

  • Experience with Splunk Enterprise, SPL queries, and analytic development
  • Experience with behavioral analytics, anomaly detection, and statistical or machine learning based hunting techniques
  • Experience supporting CI investigations or sensitive case forensics
  • Experience developing or refining hunt playbooks, detection logic, and visibility assessments
  • Experience conducting program maturity assessments, gap analyses, and roadmap development for hunt program improvement
  • Knowledge of endpoint detection and response (EDR) tools and telemetry sources used in hunt operations
  • Knowledge of Zero Trust, identity centric security models, and modern enterprise architecture
  • Possession of excellent oral and written communication skills

Responsibilities

  • Proactively identifying malicious activity
  • Uncovering hidden threats
  • Strengthening the organization's defensive posture
  • Conducting hypothesis‑driven hunts across enterprise networks
  • Leveraging threat intelligence, adversary TTPs, and behavioral analytics to detect early indicators of compromise
  • Performing deep‑dive analysis of logs, endpoint telemetry, and network data to validate findings, uncover patterns, and escalate confirmed threats to SOC and IR teams
  • Contributing to the continuous improvement of detection capabilities by developing new analytics, refining existing logic, and identifying visibility gaps across the environment
  • Documenting repeatable workflows
  • Producing high‑quality hunt reports
  • Briefing leadership and mission stakeholders on emerging threats, hunt outcomes, and recommended defensive improvements
  • Collaborating closely with SOC, IR, CTI, and platform engineering teams to operationalize intelligence, integrate new data sources, and mature the organization's hunt program

Benefits

  • Health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care
  • A recognition awards program that acknowledges employees for exceptional performance and superior demonstration of our values