OT Threat Hunt Analyst

Job Number: R0238495 OT Threat Hunt Analyst Join a high-impact, mission-driven team operating at the forefront of cyber defense for critical infrastructure. As a Threat Hunter, you will be part of a small, agile group entrusted with proactively identifying and disrupting advanced threats targeting some of the nation's most essential systems. This role goes beyond traditional detection and response. You will lead and execute sophisticated threat hunting operations, transforming emerging intelligence into actionable hunt missions, engineering novel collection capabilities, and uncovering adversary activity that evades conventional security controls. Working at the intersection of cyber threat intelligence, detection engineering, and operational technology (OT), you will help defend complex, real‑world environments where the stakes are tangible and immediate. You will collaborate closely with system owners, engineers, and OT subject matter experts to design and deploy innovative approaches to visibility and analysis, often in environments where telemetry is limited and adversaries are highly adaptive. Your work will directly support federal missions, contributing to the resilience and security of critical infrastructure sectors. This is a role for a technically deep, creatively minded operator who thrives in ambiguity, enjoys building new capabilities from the ground up, and is motivated by meaningful, national-level impact. You Have 10+ years of experience supporting cyber operations in incident response, threat hunting, detection engineering, offensive operations, or cybersecurity and information assurance Experience conducting proactive, hypothesis-driven threat hunts in enterprise or industrial environments Experience mapping activity to frameworks, such as MITRE ATT&CK Experience with a query and analysis platform, such as SIEM or EDR, or log analytics tools Experience analyzing endpoint, network, and log data to identify malicious or anomalous behavior Knowledge of adversary tactics, techniques, and procedures (TTPs) Ability to translate cyber threat intelligence into actionable hunt hypotheses, operational plans, and detection analytics, design, test, and iterate on data collection strategies in constrained or complex environments, and clearly document findings and brief technical and non-technical audiences Top Secret clearance Bachelor's degree GIAC (e.g., GCFA, GCIH, GCIA) or CISSP certification Nice If You Have Experience working with industrial control systems (ICS), SCADA environments, or other operational technology (OT) networks Experience with the development of custom detection content, signatures, or behavioral analytics beyond out-of-the-box tooling Experience with scripting or programming, such as Python or PowerShell, to automate analysis or build custom tooling Experience with the U.S. Intelligence Community and using intelligence to support cyber defensive operations Experience conducting threat hunting in cloud or hybrid environments, such as AWS, Azure, or containerized infrastructure Experience with threat emulation or purple teaming Knowledge of OT protocols, such as Modbus or DNP3, and visibility challenges unique to industrial environments Knowledge of memory forensics, malware analysis, or reverse engineering Possession of strong written and verbal communication skills Clearance Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Top Secret clearance is required. Compensation Salary is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD). This posting will close within 90 days from the Posting Date. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law. #J-18808-Ljbffr