NASA Cyber Threat Hunt Analyst, Cyber Threat Hunt Analyst and Incident Responders
Job description
Location: Onsite at NASA Marshall Space Flight Center (MSFC), Huntsville, AL or NASA Johnson Space Center (JSC), Houston, TX

This position focuses on monitoring and responding to cyber incidents across networks and information systems. The role supports cyber defense operations, manages major incidents, and partners with stakeholders to improve security solutions. It also coordinates incident response actions and maintains chain-of-custody for sensitive investigations.

Acts as an integral member of the threat intelligence team, evaluating the implications of emerging threats on client organizations. Responsibilities include supporting incident detection and response efforts, formulating advanced detection strategies, and delivering intelligence insights to enhance cybersecurity operations. The role requires distilling complex technical data into clear, actionable intelligence for both technical teams and executive leadership.
Requirements
- 6+ years in cybersecurity offensive/defensive operations
- 4+ years in APT hunting, penetration testing, digital forensics, SOC operations, or incident response
- Experience profiling and tracking malicious actors, detecting MITRE ATT&CK TTPs, and analyzing log files
- Bachelor's degree
- Secret clearance required; ability to obtain and maintain TS/SCI clearance
- Experience with detection/alerting technologies (Splunk, Elastic, SentinelOne, etc.)
- Forensic and data analysis, leading cyber exercises
- Technical reporting and leadership briefings
- IAT Level III certification (CISSP, CISM, or CISA)
- Secret clearance required; ability to obtain and maintain TS/SCI clearance
- 3+ years in APT hunting, penetration testing, digital forensics, malware reverse engineering, SOC operations, or incident response
- Experience with SentinelOne, Splunk, or Microsoft Defender
- Bachelor's degree
- OSCP, CCNA-Security, CySA+, GCIH, GICSP, PenTest+ or similar certification
- Secret clearance required; TS/SCI clearance preferred
- Proficiency in MITRE ATT&CK TTPs, SIEM alerts analysis, and log file review
- Ability to work independently and manage multiple concurrent tasks
- 6+ years of cybersecurity experience
- 4+ years in threat research associated with nation-state or criminal activities
- Strong communication skills for technical and executive audiences
- Experience with network protocols, SIEM, endpoint tools, and frameworks (Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
- Bachelor's degree
- Secret clearance required; ability to obtain and maintain Top Secret/SCI
- Experience with intelligence community or national security
- Familiarity with threat intelligence platforms (MISP, Mandiant, CrowdStrike, Recorded Future, etc.)
- Industry certifications (GCIA, GCIH, GCFA, GNFA, GCTI, GREM)