Staff Security Specialist, Threat Hunter

About us

One team. Global challenges. Infinite opportunities. At Viasat, we're on a mission to deliver connections with the capacity to change the world. For more than 35 years, Viasat has helped shape how consumers, businesses, governments and militaries around the globe communicate. We're looking for people who think big, act fearlessly, and create an inclusive environment that drives positive impact to join our team.

What you'll do

As a Cyber Threat Hunter with a focus on Cyber Threat Intelligence (CTI), you will play a critical, proactive role in safeguarding our organization from advanced threats that evade traditional security defenses. You will bridge the gap between reactive incident response and preventative security engineering, using intelligence-driven methodologies to hunt down adversaries in our environment before they can cause harm.

Your mission is to:

• Proactively Hunt: Execute hypothesis-driven threat hunts across the network, endpoints, and cloud environments to uncover hidden, anomalous, or malicious activity that could bypass controls
• Leverage Intelligence: Integrate Cyber Threat Intelligence (CTI) from tactical, operational, and strategic sources to inform hunting hypotheses, prioritize investigations, and enrich security tooling
• Support Incident Response: Collaborate on threat intelligence driven incidents by providing hunting and CTI enrichment support
• Improve Posture: Prioritize vulnerabilities and security gaps based on threat actor exploitation trends identified via CTI and hunting campaigns, directly feeding into the vulnerability management and security engineering programs
• Advance Detection: Coordinate with detection engineers to develop new detections, composite rules, and dashboards based on discovered threat Tactics, Techniques, and Procedures (TTPs) to enhance the security team's overall capability
• TIP and SIEM Enrichment: Lead the lifecycle of threat intelligence within the Threat Intelligence Platform (TIP), ensuring timely maintenance, accurate expiration policies, reduction in false positive rates, and continuous enrichment of Indicators of Compromise (IOCs) and TTPs to improve contextualization and prioritization of alerts in the Security and Information Event Management (SIEM)
• External Threat Monitoring: Maintain continuous tracking and monitoring of external threat surfaces, including dark web forums, leak sites, and underground marketplaces, focusing on brand protection, supply chain risks, and the identification of organizational asset management risks

The day-to-day

A typical day involves a blend of deep investigation, collaboration, and continuous learning:

• Review the latest threat intelligence reports, internal alerts, and ongoing investigations. Prioritize the day's hunting campaigns based on the most relevant and high-impact threats
• Spend significant time querying and analyzing large datasets from SIEM, Endpoint Detection and Response (EDR), network logs, and cloud telemetry, searching for patterns and anomalies that confirm or deny a threat intelligence hypothesis
• Conduct in-depth analysis on potential IOCs, which may include correlating data from disparate sources
• Work directly with the Incident Response team to transition a confirmed threat into a full-scale incident, providing critical context on the threat actor, their motives, and their activities
• Participate in and contribute to relevant threat intelligence working groups, consuming information from partners to rapidly shift and focus hunting efforts on the most immediate and relevant threats to our sectors
• Regularly review and update intelligence feeds and context within the TIP and SIEM to keep alerting rules efficient. This reduces false positive alerts and improves detection based on gathered information
• Document and communicate findings clearly to both technical and non-technical stakeholders, detailing the threat, its potential impact, and actionable remediation steps

What you'll need

• 5+ years' experience threat hunting
• 2+ years experience with the Incident Response lifecycle (Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity) and the ability to lead the technical aspects of an investigation
• Demonstrable ability to source, analyze, and apply CTI to hunting for adversary TTPs
• Provide expert-level knowledge and practical experience with SIEM, TIP, and Endpoint and Network Detection & Response E/NDR) tools for data querying and analysis
• Experience prioritizing vulnerabilities, Common Vulnerabilities and Exposures (CVEs), in a vulnerability management program based on CTI feeds and evidence of active exploitation (e.g., applying the CISA Known Exploited Vulnerabilities (KEV) catalog)
• Solid understanding of operating system internals (Windows, macOS, Linux), cloud infrastructure, common network protocols, or the ability to analyze endpoint and network artifacts (e.g., packet captures, memory dumps, system logs)
• US Citizenship required
• Active DoD Secret Clearance or have held one in the last two (2) years
• Ability to travel up to 10%

What will help you on the job

• Demonstrated Incident Response, or Security Operations Center (SOC) role (Tier 3/Advanced Analyst) experience
• Hands-on experience with EDR, NDR, TIP, and Security Orchestration, Automation, and Response (SOAR) tools
• Familiarity with the security logging, monitoring, and threat landscape of major cloud environments
• Experience producing professional intelligence products, reports, and delivering executive-level briefings on complex technical topics

Salary range

$165,000.00 - $260,500.00 / annually.For specific work locations within San Jose, the San Francisco Bay area and New York City metropolitan area, the base pay range for this role is $205,000.00- $307,000.00/ annually

At Viasat, we consider many factors when it comes to compensation, including the scope of the position as well as your background and experience. Base pay may vary depending on job-related knowledge, skills, and experience. Additional cash or stock incentives may be provided as part of the compensation package, in addition to a range of medical, financial, and/or other benefits, dependent on the position offered. Learn more about Viasat's comprehensive benefit offerings that are focused on your holistic health and wellness at
EEO Statement

Viasat is proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, ancestry, physical or mental disability, medical condition, marital status, genetics, age, or veteran status or any other applicable legally protected status or characteristic. If you would like to request an accommodation on the basis of disability for completing this on-line application, please click here.

Required

Preferred

Job Industries

• Other