Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Cyber Threat Hunter

Full-time

cFocus Software Incorporated

cFocus Software seeks a Mid Level Cyber Threat Hunter to join our program supporting US Courts in Washington, DC. This position is 4 days a week onsite in DC and one day remote.

Required Qualifications include:
  • 5+ years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler 
  • 5+ years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security.
  • 5+ years of using Splunk to create queries and look up tables.
  • 5+ years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike ) and custom scripts (e.g. Sysmon & Auditd )
  • 5+ years of experience with the following threat hunting tools:
    • Microsoft Sentinel for threat hunting within Microsoft Azure;
    • Tenable Nessus and SYN/ACK for vulnerability management;
    • NetScout for analyzing network traffic flow;
    • SPUR.us enrichment of addresses
    • Mandiant Threat intel feeds
  • Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
Desired Qualifications include:
  • One of the following certifications:
    • GIAC Certified Intrusion Analyst (GCIA)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Continuous Monitoring (GMON)
    • GIAC Defending Advanced Threats (GDAT)
    • Splunk Core Power User
Duties:
  • Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting.
  • The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric.
  • Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
  • Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
  • Review open-source intelligence about threat actors when developing hunt hypotheses.
  • Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
  • At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
  • Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
  • Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
  • Participate in government led after action reviews of incidents.
  • Triage malware events to identify the root cause of specific activity.
  • Attend daily Agile Scrum standups and report progress on assigned Jira stories.
Deliverables:
  • Hunt Hypotheses : Hunt hypotheses describe how an actor might operate in the network while remaining undetected. The hypothesis describes what is expected to happen if the hypothesis is true and what is expected to happen if the hypothesis is false. The hypothesis contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
  • Hunt Reports : Hunt reports describe the original hypothesis and all iterations. At each stage, the report details how the hypothesis was tested and the results. The reports contain all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
  • Detection Logic: Document and test detection logic for automated detection of threat actor activity based on hunt hypothesis. Detection logic in the form of Splunk Enterprise Security (ES) searches that are run at proposed intervals. Proposal and discussion will happen in agile scrum stand up meetings. Document in Jira stories.
  • Advanced SME IR Reports : Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365).
  • Incident Report: Document all incident details in an incident report. Report shall include executive summary, details of incident, security impact of incident, timeline of incident, and actions taken.
  • Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on.
  • Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases.

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Cyber Threat Hunter in Washington DC vacancy
  • $94.1k - $150k

     ...Position Overview The Cyber Threat Hunter proactively protects enterprise environments from advanced cyber threats by analyzing network, endpoint, and log data to identify malicious activity that may evade conventional security controls. This role establishes normal traffic... 
    Cyber
    Contract work
    Work at office

    ASM Research, An Accenture Federal Services Company

    Washington DC
    8 hours ago
  •  ...A cybersecurity firm in Arlington, Virginia, is seeking a Computer Network Defense Analyst to monitor network activity, analyze cyber threats, and recommend proactive measures to contain incidents. The ideal candidate will have over 5 years of experience in cyber defense... 
    Cyber

    Base One Technologies

    Arlington, VA
    8 hours ago
  •  ...Cybersecurity Threat HunterSecurity OperationsUS Exempt RegularFull timeStateside Exempt 3.4 Cybersecurity Threat Hunter Security Operations Full-time, Exempt Regular, Pay Grade...  ...consultation on threat hunting methodologies and cyber adversary techniques. Maintain... 
    Cyber
    Full time

    University of Maryland Global Campus

    Adelphi, MD
    20 days ago
  •  ..., ownership, and execution over bureaucracy. Title: Senior Threat Hunter Location: Washington, DC or Chandler, AZ Terms: Full-time...  ...across a security program Current knowledge of cyber adversary tactics, trends, and the evolving federal threat landscape... 
    Cyber
    Full time
    Work experience placement
    Flexible hours

    Revolutional, LLC

    Washington DC
    28 days ago
  •  ...Job Description *** This position is contingent upon contract award *** Overview SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting... 
    Cyber
    Contract work
    Work at office
    Worldwide
    Monday to Friday
    Weekend work
    Afternoon shift

    SOSi

    Washington DC
    3 days ago
  •  ...Job Description Job Description cFocus Software seeks a Mid Level Cyber Threat Hunter to join our program supporting US Courts in Washington, DC. This position is 4 days a week onsite in DC and one day remote. Required Qualifications include: ~5+ years of experience... 
    Cyber
    Work at office
    Remote work

    cFocus Software Incorporated

    Washington DC
    2 days ago
  • $164k - $240k

     ...Lead of Threat Operations Support, Mandiant, Google Cloud Following our transition to a high-velocity architecture optimized to Build...  ...of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant... 
    Cyber

    Google

    Washington DC
    1 day ago
  •  ...Requisition #: 1617 Job Title: Cyber Threat Intelligence Analyst Location: Hybrid, Arlington, VA Clearance Level: Top Secret, Must Have Clearance to Start Job Description Agile Defense is actively seeking a Cyber Threat Intelligence Analyst with background experience... 
    Cyber
    2 days per week

    Agile Defense

    Arlington, VA
    4 days ago
  •  ...Cyber Threat Analyst/Computer Security Systems Specialist The client is looking for a Cyber Threat Analyst/Computer Security Systems Specialist to research and analyze classified reporting to identify current and emerging threat trends and work with intelligence community... 
    Cyber
    Day shift

    Beyond SOF

    Arlington, VA
    1 day ago
  •  ...Summary Cyber Threat Analysts assess foreign cyber intentions and capabilities to support U.S. national security interests. Learn more about this agency Duties Help As a Cyber Threat Analyst at CIA, you will analyze foreign cyber intentions and capabilities... 
    Cyber
    Full time
    Part time

    Central Intelligence Agency

    Washington DC
    1 day ago
  • $120k - $145k

     ...flexibility, and ingenuity to strengthen and protect our nation's vital interests. Requisition #: 1617 Job Title: Cyber Threat Intelligence Analyst Location: Hybrid, Arlington, VA Clearance Level: Top Secret, Must Have Clearance to Start... 
    Cyber
    2 days per week

    Agile Defense

    Arlington, VA
    3 days ago
  •  ...Threat Intelligence Analyst Location: Bethesda, MD Role Summary: Mid-level CTI analyst collecting, analyzing, and operationalizing cyber threat intelligence to improve detection and response. Must-Have Skills: ~3–5 years threat intelligence, SOC, or IR experience... 
    Cyber

    Merit 321

    Bethesda, MD
    2 days ago
  • $107.9k - $195.05k

     ...Description The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission critical... 
    Cyber
    Summer work
    Casual work
    Remote work
    Shift work
    Night shift
    Rotating shift

    Fairygodboss

    Washington DC
    1 day ago
  • $100k - $124k

     ...produce meaningful results. This is a contingent position based upon customer approval. SkyePoint Decisions is seeking a Cyber Threat Analyst to support the Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security... 
    Cyber
    Contract work
    Remote work
    Overseas

    SkyePoint Decisions

    Arlington, VA
    1 day ago
  •  ...Evolver Federal is seeking a Lead Cyber Threat Analyst to fulfil a requirement for a potential government client. The Lead Cyber Threat Analyst is responsible for identifying, analyzing, and mitigating advanced cyber threats targeting federal systems and critical infrastructure... 
    Cyber
    Flexible hours

    EmergencyMD

    Washington DC
    8 hours ago
  • $100k - $155k

     ...Cyber Threat Intelligence Analyst Northern Virginia Position Summary The Senior Cyber Threat Intelligence Analyst is responsible for collecting, analyzing, and disseminating actionable intelligence to support enterprise cybersecurity operations, fraud prevention... 
    Cyber
    Temporary work
    Work at office
    Remote work
    Flexible hours

    SIXGEN

    Alexandria, VA
    4 days ago
  •  ...Cyber Threat Analyst As a Cyber Threat Analyst at CIA, you will analyze foreign cyber intentions and capabilities to support U.S. national security interests. You will identify, monitor, and counter threats against US information systems and critical infrastructure... 
    Cyber

    US Government Jobs - Other Agencies

    Washington DC
    1 day ago
  • $80k - $128k

     ...Peraton is seeking a Cyber Investigations Analyst for its Federal Strategic Cyber Group. This full-time, on-site position is based in Arlington, VA. Candidates should possess a Bachelor’s degree and at least 5 years of relevant experience, along with cybersecurity certifications... 
    Cyber
    Full time

    Peraton

    Arlington, VA
    8 hours ago
  • cFocus Software seeks a Cyber Hunter to join our program supporting the National Institutes of Health (NIH). This position is fully remote...  ...Technology, or a related field ~4+ years conducting threat hunting or advanced cybersecurity investigations. ~ Experience... 
    Cyber
    Full time
    Remote work

    cFocus Software Incorporated

    Bethesda, MD
    8 days ago
  •  ...Threat Intelligence Analyst Zantech is looking for a talented Threat Intelligence Analyst to contribute to the success of our upcoming Program Management and Cyber Support Services project for an Onsite role based out of Arlington, VA. The Threat Intelligence Analyst... 
    Cyber
    Contract work

    Zantech

    Arlington, VA
    8 hours ago
  •  ...Job Description Job Description We are seeking a motivated Threat Hunter to support enterprise cybersecurity operations in a fast-paced federal environment. The successful candidate will help protect mission-critical systems while collaborating with technical and operational... 
    Cyber

    Omniscius Consulting

    Washington DC
    2 days ago
  • $83.85k - $107.95k

     ...Threat Analyst Chicago, IL, USKansas City, MO, USHouston, TX, USAtlanta, GA, USWashington...  ...and continuously adapts to the evolving cyber threat landscape. Responsibilities...  ...experience in Cyber Intelligence or as a Threat Hunter, ideally within a CIRT/SOC; hands-on... 
    Cyber
    Temporary work
    Local area

    Dentons US LLP

    Washington DC
    4 days ago
  • $117.54k - $145k

     ...Are HII-Mission Technologies is seeking a senior-level Insider Threat Specialist to support the Office of National Security (ONS) within...  ...in counterintelligence, intelligence, insider threat, cyber threat intelligence, information security, national personnel security... 
    Cyber
    Full time
    Work experience placement
    Work at office
    Local area
    Immediate start
    Worldwide

    HII's Mission Technologies division

    Washington DC
    55 minutes ago
  • $3,000 per month

     ...WHAT WE’RE DOING Lockheed Martin, Rotary Mission Systems Cyber & Intelligence invites you to step up to one of today’s most daunting...  ..., you’ll work with cybersecurity experts on the forefront of threat protection and proactive prevention. In this fast-paced, real-world... 
    Cyber

    Lockheed Martin

    Chevy Chase, MD
    3 days ago
  • $178.4k - $226.7k

     ...Description The Threat Intelligence for Global Enterprise Response (TIGER) team, part of Amazon Cyber Threat Intelligence (ACTI), is responsible for developing actionable intelligence on advanced cyber threats to Amazon employees and company assets. We obtain indicators... 
    Cyber
    Flexible hours
    Night shift
    Weekend work

    Amazon

    Arlington, VA
    2 days ago
  •  ...Job Description Job Description Job Title:   Senior Cyber Analyst City: Alexandria State: Virginia Position Requirements...  ...with intelligence tools including Defense Intelligence Threat Library, Validated Online Lifecycle Threat reports, Community On... 
    Cyber
    Work experience placement
    Work at office
    Local area

    Noetic Strategies Inc.

    Alexandria, VA
    28 days ago
  •  ...Overview Role Summary: The Cyber Security Engineer is responsible for developing and implementing security measures to protect the...  ...solutions into projects. Stay updated on the latest cybersecurity threats and trends. Develop and implement quantum-safe security... 
    Cyber

    Beyond SOF

    Washington DC
    8 hours ago
  •  ...A technology firm in Virginia is seeking an experienced SME Cyber Incident Response Analyst to join its team. This role involves monitoring and responding to cyber threats, leading incident response activities, and providing expert investigative support. Ideal candidates... 
    Cyber

    Via Logic LLC

    Alexandria, VA
    2 hours ago
  •  ...Serve as a mid to senior-level cybersecurity specialist providing cyber-specific expertise to DHS systems. Works closely with federal...  ...procedures to plan and execute assessments. Performs and documents threat/risk assessments, develops cyber resilience test strategies and... 
    Cyber
    Remote work

    Black Diamond Consulting Corporation

    Washington DC
    3 days ago
  •  ...Description: Hybrid in Washington, DC   Our client seeks an Insider Threat Analyst Lead to support a federal cybersecurity program focused...  ...case management for cybersecurity investigations. ~ Certified Cyber Insider Threat Professional (CCITP) Program. ~ Preferred:... 
    Cyber
    Hourly pay
    Contract work
    Local area

    Eliassen Group

    Washington DC
    5 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Cyber Threat Hunter. Be the first to apply!