CBO - Tier 3 / Threat Hunter

About The Position

Requirements

• Active Public Trust clearance
• B.S. Computer Science, Information Technology, or a related field
• 7+ years of experience in cybersecurity operations, threat hunting, or incident response
• Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
• Hands-on experience with Microsoft Defender XDR (Endpoint, Identity)
• Experience analyzing logs across cloud (AWS), network, and endpoint environments
• Strong knowledge of MITRE ATT&CK framework and adversary techniques
• Experience with digital forensics and malware analysis
• Ability to conduct root cause analysis and develop remediation strategies
• Experience working in 24x7 SOC environments

Nice To Haves

• GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
• Microsoft Sentinel or Microsoft security platform certifications
• Relevant cloud security certifications (e.g., AWS security)
• Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Responsibilities

• Conduct proactive threat hunting across identity, endpoint, network, and cloud telemetry
• Lead advanced incident investigations including root cause analysis and forensic analysis
• Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
• Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
• Analyze logs from Microsoft Defender (Endpoint, Identity), AWS, firewalls, VPNs, and other sources
• Support incident containment, eradication, and recovery activities
• Develop and improve threat hunting hypotheses based on intelligence and trends
• Validate and refine detection use cases and monitoring capabilities
• Support red team / purple team exercises and adversary emulation
• Produce detailed incident reports, including timelines and remediation recommendations
• Identify security gaps and recommend mitigation strategies
• Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes