Senior Threat Hunter

Job Description

Job Description

Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.

We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.

Title: Senior Threat Hunter

Location: Washington, DC or Chandler, AZ

Terms: Full-time

Clearance: Secret eligibility

Travel: 0-20%

As a Senior Threat Hunter at Revolutional, you go looking for threats that automated tools miss. You proactively hunt for Advanced Persistent Threats and adversary activity across enterprise network environments — using network flow, PCAP, logs, sensors, and endpoint data — before they manifest as confirmed incidents. You are technically deep, analytically rigorous, and creative enough to find what others overlook.

You bring serious data skills: you write scripts, build algorithms, develop SIEM queries, and manipulate large data sets to surface patterns and anomalies. You also lead. You manage hunt operations against tight deadlines, develop reusable hunt tactics that raise the team's capabilities, and brief findings clearly to technical peers and executive audiences alike.

• Proactively hunt for APTs, adversary TTPs, and indicators of compromise across network flow, PCAP, logs, endpoint telemetry, and sensor data
• Develop, execute, and document reusable hunt tactics, techniques, and procedures that can be operationalized across the security program
• Build and maintain SIEM queries, alerts, dashboards, and reports to support hunt operations and improve detection coverage
• Write scripts in Python, R, SQL, PIG, HIVE, or equivalent languages to automate data collection, manipulation, and analysis workflows
• Develop algorithms to analyze complex data structures and identify anomalous patterns indicative of adversary activity
• Apply MITRE ATT&CK and D3FEND frameworks to structure hunt hypotheses, map adversary behavior, and recommend defensive improvements
• Conduct complex malware analysis to understand adversary tools, identify encoding techniques (XOR, Base64, ASCII, Unicode, URL encoding, Uuencode), and extract actionable IOCs
• Leverage EDR solutions to investigate endpoint activity, identify suspicious behavior, and support hunt and incident response workflows
• Interpret and fuse data from multiple tool sources into coherent hunt findings and threat assessments
• Produce clear, well-structured hunt reports and briefings for audiences ranging from technical analysts to executive leadership
• Develop, update, and maintain standard operating procedures and technical documentation for hunt operations
• Manage hunt projects and tasks against tight deadlines; provide team leadership and mentorship as needed
• Stay current on adversary tactics, trends, and emerging threat vectors relevant to the federal enterprise environment

• Bachelor's degree in Computer Science, Information Security, or related field; may be substituted with 4 or more additional years of qualifying experience
• 5 or more years of experience in data hunting, manipulation, and presentation in a security operations or threat intelligence context
• Experience in a management or team lead capacity, managing projects and tasks against tight deadlines
• Active Secret clearance; Top Secret/SCI eligibility required

• Demonstrated experience hunting for APTs and adversary activity using network flow, PCAP, log data, and security sensor telemetry
• Proficiency with SIEM platforms: search language, query development, alert tuning, dashboard creation, and report building
• Scripting proficiency in one or more of: Python, R, SQL, PIG, HIVE, or equivalent languages for data analysis and workflow automation
• Skill in developing algorithms and conducting structured queries to analyze complex data structures at scale
• Knowledge of MITRE ATT&CK and D3FEND frameworks and their practical application to hunt operations and defensive recommendations
• Solid understanding of the TCP/IP networking stack and network intrusion detection technologies
• Experience with complex malware analysis and identification of common encoding techniques including XOR, Base64, ASCII, Unicode, URL encoding, and Uuencode
• Hands-on experience with EDR solutions for endpoint visibility and threat investigation
• Experience creating reusable hunt tactics and techniques that can be operationalized across a security program
• Current knowledge of cyber adversary tactics, trends, and the evolving federal threat landscape

• Proactive and intellectually curious — you hunt because you assume the adversary is already in, and you don't stop until you've proved otherwise
• Strong analytical and data skills; you find signal in noise and can explain what you found and why it matters
• Effective communicator across audiences — from technical write-ups to executive briefings, your findings land clearly
• Disciplined operator who builds repeatable processes, documents work thoroughly, and raises the capability of the team around you

One certification from each of the following groups is required:

• CISSP Associate, CCSP, SSCP, GCIH, GNFA (GIAC Network Forensic Analyst), or GCIA (GIAC Certified Intrusion Analyst)

• Any certification qualifying under the DoD 8570 CSSP Analyst, Infrastructure Support, or Incident Responder categories, or other similar certifications as approved

• Advanced threat hunting certifications: GCTI (GIAC Cyber Threat Intelligence), GREM (GIAC Reverse Engineering Malware), or GCFE/GCFA (GIAC forensics)
• Experience building or maturing a threat hunting program from the ground up in a federal environment
• Familiarity with threat intelligence platforms (TIPs) and integrating CTI data into hunt workflows
• Experience with cloud-native hunting across commercial or GovCloud environments
• Background in red team or adversary emulation that informs hunt hypothesis development
• Active TS/SCI clearance

#DICE #LinkedIn

___________________________________________________________________________________________________________

Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:

• Recognized as a Top 20 "Best Place to Work in Virginia"
• Recipient of Department of Labor's HireVets Gold Medallion
• Great Place to Work Certification for five years running
• A Virginia Chamber of Commerce Fantastic 50 company
• A Northern Virginia Technology Council Tech 100 company
• Inc. 5000 list of fastest growing companies for eleven years
• Two-time SBA SBIR Tibbett's Award winner
• Virginia Values Veterans (V3) Certification

We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to

• Traditional and HSA- eligible medical insurance plans
• 100% employer-paid dental and vision insurance options
• 100% employer-sponsored STD, LTD, and life insurance
• 5% 401(k) company matching
• Flexible-schedules and teleworking options
• Paid holidays and PTO Accrual Plans
• Paid Parental Leave
• Professional development and career growth opportunities
• Team and company-wide events, recognition, and appreciation-- and so much more!

Check out our Revolutional | LinkedIn to find out a little more about who we are and if we are the right next step for your career!

Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact View email address on ziprecruiter.com.