Cyber Threat Hunter

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage., * Hypothesis-Driven Hunting: Develop and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.

• Advanced Telemetry Analysis: Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
• Detection Engineering Pipeline: Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
• Automated Countermeasure Deployment: Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
• APT Targeting & Engagement: Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
• Indications & Warnings (I&W) Integration: Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
• Tactical Reporting & Metrics: Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organization's security posture.
• Situational Awareness: Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

• Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.

• DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)

• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))

• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)

• Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.

• Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.

• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.
• Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.
• Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.
• Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
• Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.
• AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

#ms

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com .