Cyber Threat Hunter

About The Position

Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience.
• 4 years of experience in cybersecurity or a closely related technical security role.
• Demonstrated ability to perform system administrator-level analysis across multiple platforms and operating systems in support of cyber investigations.
• Strong analytical and problem-solving skills with the ability to identify, track, and assess adversary TTPs and suspicious activity.
• Knowledge of intrusion detection methodologies, evidence preservation practices, and cyber defense and information security policies, procedures, and regulations.
• Ability to support work in a U.S.-only staffing environment and satisfy any client-required background investigation or security requirements.

Nice To Haves

• Relevant cybersecurity certifications such as GCDA, GNFA, CompTIA PenTest+ (Removed CISSP), CISM, or CompTIA CySA+.
• Experience with reverse engineering, malware analysis, vulnerability research, and threat analysis in enterprise or government environments.
• Familiarity with U.S. Army Corps of Engineers (USACE) IT policies and operational security requirements.
• Experience preparing technical reports, incident summaries, and threat findings for stakeholders and operational leadership.

Responsibilities

• Conduct proactive threat hunting across networks, endpoints, and security datasets to identify, isolate, and help eradicate advanced threats before they impact operations.
• Analyze logs from multiple sources, including packet captures, correlation engines, parsed security data, and endpoint telemetry, to detect suspicious behavior and validate threat activity.
• Establish and maintain baseline patterns for normal traffic, system activity, and data flows to improve anomaly detection and investigative accuracy.
• Collaborate closely with SOC analysts and detection engineers to recommend new alerts, analytics, and monitoring logic based on threat hunting findings, emerging trends, and identified visibility gaps.
• Develop automation scripts and workflows (using SOAR platforms, Python, PowerShell, or similar tools) to streamline threat hunting activities, automate repetitive analytical tasks, and reduce detection and response time.
• Research and track adversary tactics, techniques, and procedures (TTPs), developing technical hypotheses and investigative leads based on threat intelligence and observed behaviors.
• Support incident response activities by creating incident documentation, follow-up actions, reporting criteria, and recommendations that improve overall response maturity and operational resilience.
• Examine and characterize malware and cyber threats, including viruses, worms, bots, rootkits, and Trojan horses, to determine threat nature, scope, and potential impact.
• Apply reverse engineering and binary analysis techniques using tools such as Ghidra and IDA Pro to support vulnerability research and understand malicious code behavior.