Cyber Threat Hunter
Full-time
cFocus Software Incorporated
cFocus Software seeks a Mid Level Cyber Threat Hunter to join our program supporting US Courts in Washington, DC. This position is 4 days a week onsite in DC and one day remote. Required Qualifications include:
- 5+ years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
- 5+ years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security.
- 5+ years of using Splunk to create queries and look up tables.
- 5+ years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike ) and custom scripts (e.g. Sysmon & Auditd )
- 5+ years of experience with the following threat hunting tools:
- Microsoft Sentinel for threat hunting within Microsoft Azure;
- Tenable Nessus and SYN/ACK for vulnerability management;
- NetScout for analyzing network traffic flow;
- SPUR.us enrichment of addresses
- Mandiant Threat intel feeds
- Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC
- One of the following certifications:
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Continuous Monitoring (GMON)
- GIAC Defending Advanced Threats (GDAT)
- Splunk Core Power User
- Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting.
- The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric.
- Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
- Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
- Review open-source intelligence about threat actors when developing hunt hypotheses.
- Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
- At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
- Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
- Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
- Track and document cyber defense incidents from initial detection through final resolution.
- Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
- Participate in government led after action reviews of incidents.
- Triage malware events to identify the root cause of specific activity.
- Attend daily Agile Scrum standups and report progress on assigned Jira stories.
- Hunt Hypotheses : Hunt hypotheses describe how an actor might operate in the network while remaining undetected. The hypothesis describes what is expected to happen if the hypothesis is true and what is expected to happen if the hypothesis is false. The hypothesis contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
- Hunt Reports : Hunt reports describe the original hypothesis and all iterations. At each stage, the report details how the hypothesis was tested and the results. The reports contain all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section.
- Detection Logic: Document and test detection logic for automated detection of threat actor activity based on hunt hypothesis. Detection logic in the form of Splunk Enterprise Security (ES) searches that are run at proposed intervals. Proposal and discussion will happen in agile scrum stand up meetings. Document in Jira stories.
- Advanced SME IR Reports : Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365).
- Incident Report: Document all incident details in an incident report. Report shall include executive summary, details of incident, security impact of incident, timeline of incident, and actions taken.
- Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on.
- Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases.
Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Cyber Threat Hunter in Washington DC vacancy
$94.1k - $150k
...Position Overview The Cyber Threat Hunter proactively protects enterprise environments from advanced cyber threats by analyzing network, endpoint, and log data to identify malicious activity that may evade conventional security controls. This role establishes normal traffic...CyberContract workWork at office- ...A cybersecurity firm in Arlington, Virginia, is seeking a Computer Network Defense Analyst to monitor network activity, analyze cyber threats, and recommend proactive measures to contain incidents. The ideal candidate will have over 5 years of experience in cyber defense...Cyber
- ...Cybersecurity Threat HunterSecurity OperationsUS Exempt RegularFull timeStateside Exempt 3.4 Cybersecurity Threat Hunter Security Operations Full-time, Exempt Regular, Pay Grade... ...consultation on threat hunting methodologies and cyber adversary techniques. Maintain...CyberFull time
- ..., ownership, and execution over bureaucracy. Title: Senior Threat Hunter Location: Washington, DC or Chandler, AZ Terms: Full-time... ...across a security program Current knowledge of cyber adversary tactics, trends, and the evolving federal threat landscape...CyberFull timeWork experience placementFlexible hours
- ...Job Description *** This position is contingent upon contract award *** Overview SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting...CyberContract workWork at officeWorldwideMonday to FridayWeekend workAfternoon shift
- ...Job Description Job Description cFocus Software seeks a Mid Level Cyber Threat Hunter to join our program supporting US Courts in Washington, DC. This position is 4 days a week onsite in DC and one day remote. Required Qualifications include: ~5+ years of experience...CyberWork at officeRemote work
$164k - $240k
...Lead of Threat Operations Support, Mandiant, Google Cloud Following our transition to a high-velocity architecture optimized to Build... ...of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant...Cyber- ...Requisition #: 1617 Job Title: Cyber Threat Intelligence Analyst Location: Hybrid, Arlington, VA Clearance Level: Top Secret, Must Have Clearance to Start Job Description Agile Defense is actively seeking a Cyber Threat Intelligence Analyst with background experience...Cyber2 days per week
- ...Cyber Threat Analyst/Computer Security Systems Specialist The client is looking for a Cyber Threat Analyst/Computer Security Systems Specialist to research and analyze classified reporting to identify current and emerging threat trends and work with intelligence community...CyberDay shift
- ...Summary Cyber Threat Analysts assess foreign cyber intentions and capabilities to support U.S. national security interests. Learn more about this agency Duties Help As a Cyber Threat Analyst at CIA, you will analyze foreign cyber intentions and capabilities...CyberFull timePart time
$120k - $145k
...flexibility, and ingenuity to strengthen and protect our nation's vital interests. Requisition #: 1617 Job Title: Cyber Threat Intelligence Analyst Location: Hybrid, Arlington, VA Clearance Level: Top Secret, Must Have Clearance to Start...Cyber2 days per week- ...Threat Intelligence Analyst Location: Bethesda, MD Role Summary: Mid-level CTI analyst collecting, analyzing, and operationalizing cyber threat intelligence to improve detection and response. Must-Have Skills: ~3–5 years threat intelligence, SOC, or IR experience...Cyber
$107.9k - $195.05k
...Description The Leidos Digital Modernization sector is looking for a Cyber Threat Intelligence Analyst to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission critical...CyberSummer workCasual workRemote workShift workNight shiftRotating shift$100k - $124k
...produce meaningful results. This is a contingent position based upon customer approval. SkyePoint Decisions is seeking a Cyber Threat Analyst to support the Diplomatic Security Cyber Mission (DSCM) program providing leading cyber and technology security...CyberContract workRemote workOverseas- ...Evolver Federal is seeking a Lead Cyber Threat Analyst to fulfil a requirement for a potential government client. The Lead Cyber Threat Analyst is responsible for identifying, analyzing, and mitigating advanced cyber threats targeting federal systems and critical infrastructure...CyberFlexible hours
$100k - $155k
...Cyber Threat Intelligence Analyst Northern Virginia Position Summary The Senior Cyber Threat Intelligence Analyst is responsible for collecting, analyzing, and disseminating actionable intelligence to support enterprise cybersecurity operations, fraud prevention...CyberTemporary workWork at officeRemote workFlexible hours- ...Cyber Threat Analyst As a Cyber Threat Analyst at CIA, you will analyze foreign cyber intentions and capabilities to support U.S. national security interests. You will identify, monitor, and counter threats against US information systems and critical infrastructure...Cyber
$80k - $128k
...Peraton is seeking a Cyber Investigations Analyst for its Federal Strategic Cyber Group. This full-time, on-site position is based in Arlington, VA. Candidates should possess a Bachelor’s degree and at least 5 years of relevant experience, along with cybersecurity certifications...CyberFull time- cFocus Software seeks a Cyber Hunter to join our program supporting the National Institutes of Health (NIH). This position is fully remote... ...Technology, or a related field ~4+ years conducting threat hunting or advanced cybersecurity investigations. ~ Experience...CyberFull timeRemote work
- ...Threat Intelligence Analyst Zantech is looking for a talented Threat Intelligence Analyst to contribute to the success of our upcoming Program Management and Cyber Support Services project for an Onsite role based out of Arlington, VA. The Threat Intelligence Analyst...CyberContract work
- ...Job Description Job Description We are seeking a motivated Threat Hunter to support enterprise cybersecurity operations in a fast-paced federal environment. The successful candidate will help protect mission-critical systems while collaborating with technical and operational...Cyber
$83.85k - $107.95k
...Threat Analyst Chicago, IL, USKansas City, MO, USHouston, TX, USAtlanta, GA, USWashington... ...and continuously adapts to the evolving cyber threat landscape. Responsibilities... ...experience in Cyber Intelligence or as a Threat Hunter, ideally within a CIRT/SOC; hands-on...CyberTemporary workLocal area$117.54k - $145k
...Are HII-Mission Technologies is seeking a senior-level Insider Threat Specialist to support the Office of National Security (ONS) within... ...in counterintelligence, intelligence, insider threat, cyber threat intelligence, information security, national personnel security...CyberFull timeWork experience placementWork at officeLocal areaImmediate startWorldwide$3,000 per month
...WHAT WE’RE DOING Lockheed Martin, Rotary Mission Systems Cyber & Intelligence invites you to step up to one of today’s most daunting... ..., you’ll work with cybersecurity experts on the forefront of threat protection and proactive prevention. In this fast-paced, real-world...Cyber$178.4k - $226.7k
...Description The Threat Intelligence for Global Enterprise Response (TIGER) team, part of Amazon Cyber Threat Intelligence (ACTI), is responsible for developing actionable intelligence on advanced cyber threats to Amazon employees and company assets. We obtain indicators...CyberFlexible hoursNight shiftWeekend work- ...Job Description Job Description Job Title: Senior Cyber Analyst City: Alexandria State: Virginia Position Requirements... ...with intelligence tools including Defense Intelligence Threat Library, Validated Online Lifecycle Threat reports, Community On...CyberWork experience placementWork at officeLocal area
- ...Overview Role Summary: The Cyber Security Engineer is responsible for developing and implementing security measures to protect the... ...solutions into projects. Stay updated on the latest cybersecurity threats and trends. Develop and implement quantum-safe security...Cyber
- ...A technology firm in Virginia is seeking an experienced SME Cyber Incident Response Analyst to join its team. This role involves monitoring and responding to cyber threats, leading incident response activities, and providing expert investigative support. Ideal candidates...Cyber
- ...Serve as a mid to senior-level cybersecurity specialist providing cyber-specific expertise to DHS systems. Works closely with federal... ...procedures to plan and execute assessments. Performs and documents threat/risk assessments, develops cyber resilience test strategies and...CyberRemote work
- ...Description: Hybrid in Washington, DC Our client seeks an Insider Threat Analyst Lead to support a federal cybersecurity program focused... ...case management for cybersecurity investigations. ~ Certified Cyber Insider Threat Professional (CCITP) Program. ~ Preferred:...CyberHourly payContract workLocal area
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cyber Threat Hunter. Be the first to apply!

