Cyber Threat Intelligence Hunter

Leidos•Honolulu, HI

About The Position

Leidos is seeking a Cyber Threat Hunter to join a mission‑critical cybersecurity team dedicated to staying ahead of sophisticated adversaries. In this role, you’ll proactively hunt for malicious activity, analyze emerging attacker tactics, and transform intelligence into actionable defensive improvements that protect high‑value assets. If you thrive on uncovering the unknown, analyzing complex threat patterns, and strengthening enterprise‑wide defenses, this is where your expertise will shine. You’ll work closely with SOC analysts, incident responders, and security engineers to elevate detection capabilities, guide investigations, and mentor others in advanced threat‑hunting tradecraft. As a Cyber Threat Hunter, you’ll lead proactive detection efforts, analyze threat intelligence, and develop advanced detection content to stay ahead of evolving threats.

Requirements

Active DoD TS/SCI clearance
Current DoD 8140‑compliant security certification; ability to obtain CE certification within 6 months
Bachelor’s degree and 6+ years of cybersecurity experience (or equivalent experience/certifications)
Experience with Endpoint Detection and Response (EDR) platforms
Strong understanding of security controls across Endpoint, Cloud, SaaS, and Identity
Background in analyzing alerts and identifying anomalous or malicious activity
Experience developing detection content and understanding content lifecycle management
Ability to analyze logs from Network/Host, EDR, Firewall, IDS/IPS, and Cloud sources
Experience leading incident response engagements
Knowledge of security architectures, firewalls, vulnerabilities, and system/application threats
Strong communication skills for presenting findings to stakeholders
Ability to travel as required
Proven, well‑rounded experience in information security

Nice To Haves

Bachelor’s degree in IT, CIS, Cybersecurity, or related field
Certifications such as CySA+, CASP+, CISSP, or equivalent
Familiarity with MITRE ATT&CK and other security frameworks
Experience with Security Onion
Hands‑on experience with tools such as EDR, Firewalls, IDS/IPS, DLP, SIEM, forensic/malware analysis, and cloud security tools
Strong analytical, problem‑solving, communication, and project management skills

Responsibilities

Conducting proactive threat hunts to identify suspicious activity before it escalates
Applying critical thinking to analyze threat intelligence, attacker TTPs, and emerging techniques
Reviewing and correlating logs from firewalls, hosts, EDR, IDS/IPS, and other internal sources
Responding to RFIs and conducting scoped investigations using all available tools
Leveraging strong knowledge of security controls across Endpoint, Cloud, SaaS, and Identity
Using EDR platforms to investigate alerts, anomalies, and malicious activity
Developing custom SIEM and IDS rules/signatures to strengthen detection capabilities
Performing incident handling tasks including triage, response, documentation, and lessons learned
Educating customers on threats and advising on best practices
Analyzing ongoing attacks such as phishing, DDoS, ransomware, and data leakage
Tracking and engaging with threat actors across the clear, deep, and dark web
Serving as a subject‑matter expert in threat intelligence and advanced detection
Building dashboards, alerts, and monitoring content within SIEM and other security tools
Continuously optimizing detection content to support SOC operations
Creating and maintaining technical documentation, detection strategies, and monitoring processes
Identifying detection gaps and recommending improvements
Mentoring SOC analysts and guiding team members in tactical security practices
Developing strategies for incident handling and coordinating responses to security breaches