Cyber Threat Hunter
cFocus Software Incorporated
cFocus Software seeks a Mid Level Cyber Threat Hunter to join our program supporting US Courts in Washington, DC. This position is 4 days a week onsite in DC and one day remote. Required Qualifications 3- 5 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler 3- 5 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security. 3- 5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike ) and custom scripts (e.g. Sysmon & Auditd ) 3-5 years of experience with the following threat hunting tools: Microsoft Sentinel for threat hunting within Microsoft Azure; Tenable Nessus and SYN/ACK for vulnerability management; NetScout for analyzing network traffic flow; SPUR.us enrichment of addresses Mandiant Threat intel feeds Must be able to work 80% (Monday thru Thursday) onsite at AOUSC office in Washington, DC Desired Qualifications One of the following certifications: GIAC Certified Intrusion Analyst (GCIA) GIAC Certified Incident Handler (GCIH) GIAC Continuous Monitoring (GMON) GIAC Defending Advanced Threats (GDAT) Splunk Core Power User Duties Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting. The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric. The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations/ vulnerabilities, and identify visibility/detection gaps, if any. Human analytical thinking is imperative to the primary and extended missions as it is up to the threat hunter to find signs of an intrusion that have bypassed the automatic detection process that may already be in place. Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler). Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses. Review open-source intelligence about threat actors when developing hunt hypotheses. Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology. At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis. Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon). Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC. Track and document cyber defense incidents from initial detection through final resolution. Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents. Participate in government led after action reviews of incidents. Triage malware events to identify the root cause of specific activity. Attend daily Agile Scrum standups and report progress on assigned Jira stories. Deliverables Hunt Hypotheses : Hunt hypotheses describe how an actor might operate in the network while remaining undetected. The hypothesis describes what is expected to happen if the hypothesis is true and what is expected to happen if the hypothesis is false. The hypothesis contains all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section. Hunt Reports : Hunt reports describe the original hypothesis and all iterations. At each stage, the report details how the hypothesis was tested and the results. The reports contain all data required, is free from errors in grammar, spelling, content, and submitted in the specified times that are stated in the deliverable section. Detection Logic: Document and test detection logic for automated detection of threat actor activity based on hunt hypothesis. Detection logic in the form of Splunk Enterprise Security (ES) searches that are run at proposed intervals. Proposal and discussion will happen in agile scrum stand up meetings. Document in Jira stories. Advanced SME IR Reports : Timely Advanced SME IR Support for Priority 1 Security Events. SME actively participating in IR activities within 4 hours of request (7x24x365). Incident Report: Document all incident details in an incident report. Report shall include executive summary, details of incident, security impact of incident, timeline of incident, and actions taken. Provide Weekly Reports to the AOUSC Program Manager that documents all activities, tasks, tickets and documents worked on. Document repeatable Standard Operation Procedures (SOPs) and playbooks for security use cases. #J-18808-Ljbffr cFocus Software Incorporated
- A cybersecurity firm is looking for a Mid Level Cyber Threat Hunter to support US Courts in Washington, DC. The position requires 3-5 years of experience in threat hunting and incident response, working both onsite and remote. Responsibilities include incident response,...CyberRemote job
$107.9k - $195.05k
Overview The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission critical, 24/7 operational...CyberSummer workCasual workLocal areaRemote workShift workNight shiftRotating shift- A leading technology firm is seeking a Cyber Threat Hunter to join their team in Washington, DC. This hybrid position involves developing and executing threat hunting campaigns, analyzing complex datasets, and crafting detailed technical reports. Candidates should have...Cyber
- A leading technology company is seeking a Cyber Threat Hunter to join their Defensive Cyber Operations team in Washington, DC. The role involves developing hunt campaigns, conducting advanced telemetry analysis, and maintaining high levels of situational awareness regarding...CyberRemote work
- SIXGEN is seeking an Advanced Threat Hunter to proactively identify, investigate, and disrupt advanced cyber threats before they impact enterprise operations. You will hunt across endpoints, networks, cloud environments, and security telemetry to reveal TTPs evading standard...CyberRemote job
- ...) is seeking a Senior Staff SOC Analyst to join the Global Security Operations team. You will lead major cyber incident command activities, perform hands-on threat hunting, and coordinate investigations across SOC, Threat Intelligence, and Cloud Security groups. You will...Cyber
$94.1k - $150k
Position Overview The Cyber Threat Hunter proactively protects enterprise environments from advanced cyber threats by analyzing network, endpoint, and log data to identify malicious activity that may evade conventional security controls. This role establishes normal traffic...CyberContract workWork at office$85k
...will receive Incidents and performs deep analysis; correlates with threat intelligence to identify the threat actor, nature of the attack... .... The Senior Security Operations Center Analyst will deliver cyber intelligence services and material to information technology and...CyberWork at office- Ampcus, Inc is hiring a Senior Cyber Security Analyst in Washington, DC. This role involves the administration of cyber control technologies and is crucial for monitoring and responding to cyber incidents in both IT and Operational Technology (OT) networks. The ideal candidate...Cyber
- ManTech seeks a motivated Cyber Threat Hunter to join our team in McLean, VA. The role involves leveraging technical expertise to detect and mitigate cyber threats, utilizing methodologies like MITRE ATT&CK and conducting threat hunts based on internal data. Qualifications...Cyber
- UltraViolet Cyber, located in McLean, Virginia, is actively seeking a Cyber Threat Researcher (Level II) for its Threat Intelligence & Detection Engineering team. This role involves engaging in threat hunts and creating effective threat detections to protect clients from...Cyber
$50k - $90k
UltraViolet Cyber in McLean, Virginia, is seeking an Associate Cyber Threat Researcher (Level I) to enhance cybersecurity operations. This role focuses on threat hunting and creating advanced threat detection strategies to defend clients against cyber threats. The ideal...Cyber- ...Cybersecurity Threat HunterSecurity OperationsUS Exempt RegularFull timeStateside Exempt 3.4 Cybersecurity Threat Hunter Security Operations Full-time, Exempt Regular, Pay Grade... ...consultation on threat hunting methodologies and cyber adversary techniques. Maintain...CyberFull time
- A minority-owned technology firm in Arlington, VA, is seeking an Incident Response Expert / Cyber Eviction Analyst. This role requires 8+ years of cyber incident response experience and the ability to manage critical incidents effectively. The ideal candidate will have...Cyber
- MANTECH seeks a motivated, career and customer-oriented Cyber Threat Hunter to join our team in Mclean, VA . The Cyber Threat Hunter will leverage their strong technical background and knowledge to proactively detect, investigate, and mitigate cyber threats within our...CyberWork at officeLocal area
- ..., ownership, and execution over bureaucracy. Title: Senior Threat Hunter Location: Washington, DC or Chandler, AZ Terms: Full-time... ...across a security program Current knowledge of cyber adversary tactics, trends, and the evolving federal threat landscape...CyberFull timeWork experience placementFlexible hours
- ...Job Description *** This position is contingent upon contract award *** Overview SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting...CyberContract workWork at officeWorldwideMonday to FridayWeekend workAfternoon shift
- ...prioritizing speed, ownership, and execution over bureaucracy. Senior Threat Hunter Analyst Location: Washington, DC, Ft. Collins, CO, or Kansas... ...better over time. You work in close coordination with the Cyber Threat Intelligence team, maintaining threat indicator feeds...CyberFull timeWork experience placementLocal areaRemote workFlexible hoursShift work
- ...Candidates must possess a TS/SCI clearance and have at least 8 years of relevant experience in incident response, knowledge of operational threat environments, and strong communication skills. This position values collaboration and encourages innovation in tackling complex...CyberRemote work
- ...A cybersecurity solutions provider is seeking a Jr Industrial Control System Cyber Threat Intelligence Analyst in Arlington, VA. The ideal candidate should hold a Bachelor's degree with at least 2 years of relevant experience and have hands-on capabilities in cyber incident...Cyber
- ...a SOC Analyst II to join our Security Operations team. This role focuses on monitoring, triaging, and responding to cybersecurity threats. The ideal candidate will possess a strong technical foundation and a passion for operational cybersecurity, working closely with IT...
$131.3k - $237.35k
...Response Analyst to join their team in Arlington, Virginia. The role involves coordinating incident response efforts, analyzing cyber threats, and developing security protocols for the Department of Homeland Security's CISA Program. With an emphasis on strong analytical...Cyber- Witt/Kieffer is seeking a Senior Cyber Threat Intelligence Analyst to analyze threats, collect intelligence, and produce reports. Candidates should have extensive experience in analyzing cyber threats and strong communication skills, with a preference for a Bachelor's...CyberFull time
- A government contractor in Washington, DC is seeking a Lead Cyber Threat Analyst to oversee cybersecurity operations for enterprise systems. The ideal candidate will have significant experience in cybersecurity, strong leadership skills, and relevant certifications such...CyberFor contractors
- Chaosindustries is looking for a SOC Analyst II to join its Security Operations team in Washington, D.C., dedicated to defending against cyber threats. The role focuses on monitoring, investigating, and responding to security incidents, while collaborating with IT and...Cyber
- EmergencyMD is seeking a Lead Cyber Threat Analyst to address advanced cyber threats in Washington, D.C. This role includes leading threat analysis, conducting threat hunting, managing SOC operations, and collaborating with cross-functional teams. The ideal candidate should...Cyber
$135k - $145k
Tyto Athene, LLC is looking for a Cyber Event Monitoring Lead to oversee threat monitoring and incident reporting in Washington, DC. The role entails collaborating with Senior Analysts, utilizing SIEM technologies, and managing enterprise network security. The ideal candidate...Cyber- JPMorgan Chase is hiring for a senior technical role within CRAFT, focused on complex problem-solving in cyber threat analysis and intrusion detection. Candidates will engage in hands-on technical research and analysis to support operational response during high-priority...Cyber
$78.5k - $117.5k
Recordedfuture is seeking a Fraud Analyst to enhance its Threat Intelligence team. This role involves conducting research on cyber threats and producing actionable intelligence by analyzing data from multiple sources. The ideal candidate will possess a BA/BS in a related...Cyber$100k - $120k
SkyePoint Decisions, Inc. is seeking a Mobile Threat Analyst in Arlington, VA, to support the Diplomatic Security Cyber Mission. The role involves conducting forensic examinations of mobile devices and analyzing malicious behavior within applications. Candidates should...CyberFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cyber Threat Hunter. Be the first to apply!

