Threat Hunter

We are seeking a highly skilled and innovative Threat Hunter to join our team in the greater DMV area, supporting the Army National Guard. Responsibilities Lead proactive threat‑hunting operations: develop hypotheses, analytic campaigns, and hunting workflows to detect sophisticated adversary behaviors across networks, endpoints, cloud, and OT/DCI systems. Build behavioral detection logic, long‑term analytic patterns, and anomaly models mapped to MITRE ATT&CK TTPs. Leverage threat intelligence, incident trends, CDAP findings, and vulnerability data to prioritize high‑risk hunt objectives and scope. Conduct deep forensic and telemetry analysis to uncover lateral movement, persistence mechanisms, credential misuse, and stealthy C2 activity. Develop hunt playbooks, repeatable methodologies, and validation procedures to elevate enterprise hunting maturity. Integrate hunting outputs into SOC, CIRT, RCC‑ARNG, NETCOM, and ARCYBER operations by delivering actionable detections, validated indicators, and threat behavior insights. Collaborate with detection engineering to convert hunt findings into high‑fidelity detections, tune SIEM/EDR rules, and expand telemetry coverage. Produce detailed technical reports, intelligence briefs, and executive summaries to inform remediation, detection priorities, and strategic risk decisions. Drive continuous improvement: identify telemetry gaps, enhance data‑enrichment pipelines, automate analytic processes, and evaluate emergent hunting tools and techniques. #ENOCS Qualifications Qualifications Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD Clearance: Active TS/SCI clearance. Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: 4‑11‑C32‑255S (CP); 4C‑255N (CP); 4C‑255A (CP); M0923W1; A‑531‑4417; Cyber Defense Analyst (Advanced) Playlist); OR Relevant professional certification or equivalent experience (examples: CBROPS; CFR; CySA+; GCFA; GCIA; GICSP). Required experience and skills: Cyber threat analysis, hunting, or advanced detection experience with at least 3 years leading hunt operations or detection programs in enterprise or DoD contexts. Deep expertise in telemetry analytics, log forensics, memory/disk analysis, and threat‑hunting toolchains (SIEM, EDR, network forensics). Proven ability to author hunt hypotheses, design validation tests, and operationalize findings into detection engineering and incident response workflows. Strong familiarity with MITRE ATT&CK, threat‑intelligence integration, adversary emulation, and validation methodologies. Excellent technical writing and briefing skills for producing reproducible hunt artifacts, IOC packages, and executive‑level intelligence products. Desired: Prior DoD/ARNG threat‑hunting or CDAP experience and experience coordinating with ARCYBER/NETCOM/RCC‑ARNG. Experience with automation of hunting workflows, advanced analytics (ML/behavioral models), and large‑scale telemetry platforms. #ENOCS Peraton Overview Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.