Cybersecurity Threat Hunter

Cybersecurity Threat HunterSecurity OperationsUS Exempt RegularFull timeStateside Exempt 3.4

Cybersecurity Threat Hunter

Security Operations

Full-time, Exempt Regular, Pay Grade 3.4

Location: Hybrid (Occasional onsite presence in Adelphi, MD)

We are seeking a highly skilled and proactive Cybersecurity Threat Hunter to join our Information Security team. In this role, you will be responsible for proactively identifying advanced threats and developing detection strategies to protect enterprise assets. You will apply your deep expertise in adversary tactics, techniques, and procedures (TTPs), threat intelligence, and endpoint/network telemetry to hunt, investigate, and mitigate complex threats in our hybrid multi-cloud environment.

Duties and Responsibilities:

• Lead proactive threat hunting activities across endpoints, network, and cloud environments to detect anomalous behaviors and emerging threats.

• Analyze large security logs to identify patterns of malicious activity and Indicators of Compromise (IOCs) using our SIEM and EDR platforms, augmenting analysis with threat intelligence feeds.

• Develop and refine hypotheses for hunting campaigns based on current threat landscape and adversary TTPs (e.g., MITRE ATT&CK).

• Collaborate with the bigger Information Security team and other cross-functional teams to triage, escalate, and respond to identified threats.

• Design and implement custom detection logic and rules to improve threat detection efficacy within SIEM tool.

• Perform analysis on phishing emails, malicious files, and other threat artifacts when required.

• Develop documentation, hunting playbooks, and knowledge transfer materials for junior analysts and other stakeholders.

• Produce relevant valuable reports following threat assessments highlighting recommendations to improve security.

• Provide expert-level consultation on threat hunting methodologies and cyber adversary techniques.

• Maintain awareness of the latest security threats, vulnerabilities, and attack techniques through continuous research.

• Mentor and guide tier 1 engineers, fostering skill development and knowledge sharing.

Skills and Competencies:

• Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and experience using frameworks such as MITRE ATT&CK.

• Proficiency with EDR tools, SIEM platforms, and threat intelligence platforms.

• Ability to develop detection logic using scripting or query languages (e.g., PowerShell, Bash, Python).

• Experience with log and packet analysis, endpoint forensics, and malware reverse engineering.

• In-depth understanding of operating system internals (Windows, Linux), network protocols, and cloud infrastructure (AWS, Azure).

• Strong analytical and problem-solving skills, with the ability to work independently and collaboratively.

• Excellent verbal and written communication skills; capable of conveying technical findings to technical and non-technical audiences.

Required Qualifications:

Education:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent experience).

Experience:

• Minimum of 6-8 years of relevant cybersecurity experience, with at least 5 years focused on threat hunting, threat intelligence, or incident response.

Preferred Qualifications:

Certifications:

• GIAC Cyber Threat Intelligence (GCTI)

• GIAC Certified Incident Handler (GCIH)

• GIAC Advanced Threat Hunting (GATH)

• Certified Threat Intelligence Analyst (CTIA)

• OSCP or similar offensive security certifications

All submissions should include a cover letter and resume.