Cyber Threat Hunter

About The Position

Requirements

• Cyber Operations
• Cyber Threat Analysis
• Cyber Threat Hunting
• Cyber Threat Intelligence
• Cyber Threat Prevention
• 4+ years cybersecurity experience with 2+ years in threat hunting, SOC, IR, or CTI.
• Experience in DoW, Intelligence Community, or federal cyber environments preferred.
• Strong experience with Splunk or other SIEM platforms.
• Strong knowledge of CTI lifecycle and intelligence-driven defense.
• Experience creating hunt hypotheses and conducting structured hunts.
• Deep understanding of Windows, Linux, Active Directory, networking, and DNS.
• Knowledge of tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance and ForeScout as duties performing cyber incident response and analysis.
• Familiarity with malware behavior and attacker tradecraft.
• Experience with cloud technologies (AWS, Azure, GCP).
• Experience with one or more: Ability to write or understand code in one or more: Python PowerShell Bash SQL Kusto Query Language JSON / YAML / Regex parsing
• Top Secret/SCI Clearance
• US citizenship required

Nice To Haves

• DoD 8570 / 8140 compliant certification preferred such as: CompTIA Security+ CySA+ CASP+ GIAC (GCIH, GCFA, etc.)

Responsibilities

• Conduct proactive and reactive threat hunts across enterprise networks, endpoints, servers, and cloud environments.
• Develop and execute hypothesis-based hunts using known adversary TTPs.
• Identify stealthy, persistent, or anomalous activity missed by automated detections.
• Pivot across multiple data sources to validate suspicious indicators.
• Leverage internal and external CTI feeds to enrich hunting operations.
• Translate intelligence reports into hunt hypotheses and detections.
• Analyze nation-state, criminal, and insider threat activity.
• Map adversary behavior to MITRE ATT&CK framework.
• Utilize Splunk or Elastic SIEM for advanced correlation searches, dashboards, detections, and threat investigations.
• Correlate logs from firewalls, EDR, DNS, authentication, proxy, cloud, and network sources.
• Tune detections to reduce false positives and improve fidelity.
• Perform hunts within cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud.
• Analyze cloud control plane logs, IAM activity, API abuse, storage misuse, and lateral movement.
• Hunt for persistence techniques in SaaS / IaaS / PaaS environments.
• Develop scripts and automations to accelerate hunting and investigations.
• Build repeatable hunt playbooks and workflows.
• Integrate tools using APIs, SOAR, or custom automation.
• Automate enrichment of indicators and triage processes.
• Provide advanced analytical support to Incident Response teams.
• Validate indicators of compromise (IOCs)
• Support containment and eradication during active incidents.

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay and paid time off
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance