Cyber Threat Hunter
Role details
Job location
Tech stack
Job description
The Leidos Digital Modernization sector is looking for a r to support a Defensive Cyber Operations (DCO) team in Washington, DC.
Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such,
- and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
- Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
- Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
- Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
- Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
- Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
- Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organization's security posture.
- Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.
Requirements
-
Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
-
Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
-
Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
-
Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
-
Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.
-
Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.
-
and ability to passprior to start and maintain throughout employment
-
Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.
-
Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.
-
Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.
-
Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
-
Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.
-
AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.
#ms