Cyber Threat Hunter

Leidos, Inc.
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
$ 195K

Job location

Washington, United States of America

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Data analysis
Azure
Bash
Big Data
Cloud Computing
CompTIA Security+
Data Cleansing
Query Languages
Digital Forensics
DNS
Hypertext Transfer Protocols (HTTP)
Intrusion Detection Systems
Python
Network Architecture
Network Protocols
Powershell
Kusto Query Language
Security Information and Event Management
TCP/IP
Scripting (Bash/Python/Go/Ruby)
Office365
Mitre Att&ck
Cyber Threat Analysis
HybridCloud
Containerization
Cybercrime
Cyber Warfare
Splunk

Job description

The Leidos Digital Modernization sector is looking for a r to support a Defensive Cyber Operations (DCO) team in Washington, DC.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such,

  • and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
  • Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
  • Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
  • Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
  • Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
  • Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
  • Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organization's security posture.
  • Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

Requirements

  • Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.

  • Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)

  • Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))

  • Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)

  • Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.

  • Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.

  • and ability to passprior to start and maintain throughout employment

  • Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.

  • Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.

  • Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.

  • Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.

  • Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.

  • AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

#ms

Apply for this position