HHS - Threat Hunter

cFocus Software Incorporated, Rockville, MD
Remote

About The Position

cFocus Software seeks a Threat Hunter to join our program supporting the Department of Health and Human Services (HHS). This position is remote and requires the ability to obtain a Public Trust clearance.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • Minimum 5–8 years of experience in threat hunting, incident response, or SOC operations.
  • Hands-on experience with enterprise SIEM, EDR, and network security tools.
  • Strong understanding of MITRE ATT&CK, kill chain analysis, and adversary behaviors.
  • Experience analyzing large-scale security telemetry and logs.
  • Knowledge of NIST SP 800-61, NIST SP 800-53, and federal incident response requirements.
  • Strong analytical, scripting, and technical writing skills.

Nice To Haves

  • Active GCED, GCTI, GCIA, or CISSP certification.

Responsibilities

  • Conduct proactive, hypothesis-driven threat hunting to identify advanced persistent threats, insider threats, and stealthy adversary activity.
  • Analyze system, endpoint, network, cloud, and application telemetry to identify anomalous behaviors.
  • Develop and refine threat hunting hypotheses based on threat intelligence, MITRE ATT&CK techniques, and observed trends.
  • Perform in-depth log analysis using SIEM and security analytics platforms.
  • Identify, analyze, and validate Indicators of Compromise (IOCs) and adversary TTPs.
  • Collaborate with SOC Analysts and Incident Responders to escalate confirmed threats.
  • Develop and tune detection rules, correlation searches, and behavioral analytics.
  • Produce weekly threat hunting reports documenting methodologies, findings, and recommendations.
  • Support malware analysis and reverse engineering activities when required.
  • Integrate threat intelligence feeds from HHS CSIRC, CISA, and other trusted sources.
  • Assist in containment, eradication, and remediation activities during confirmed incidents.
  • Support incident response playbooks, SOP updates, and continuous improvement initiatives.
  • Participate in cyber exercises, tabletop exercises, and red/purple team engagements.
  • Maintain documentation for threat hunting workflows, tools, and techniques.