Cyber Threat Intelligence & Threat Hunting Lead

cFocus Software Incorporated
Washington, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Washington, United States of America

Tech stack

Computer Telephony Integration
Intelligence Analysis
Intrusion Detection and Prevention
Security Information and Event Management
Mitre Att&ck
Malware
Cybercrime
Cyber Warfare
Splunk

Job description

The Cyber Threat Intelligence & Threat Hunting Lead will oversee integrated cyber threat intelligence (CTI), detection engineering, and proactive threat hunting operations supporting enterprise cyber defense missions. The Lead will drive development of intelligence-driven detections, hunt methodologies, adversary tracking, SIEM content engineering, and operational threat-informed defense capabilities., * Lead CTI, detection engineering, and threat hunting operations.

  • Develop intelligence-driven detection and hunt strategies.
  • Produce operational and strategic threat intelligence reporting.
  • Develop and maintain:
  • SIEM detections,
  • analytics,
  • correlation rules,
  • behavioral detections,
  • and hunt playbooks.
  • Conduct hypothesis-based threat hunting aligned to:
  • MITRE ATT&CK,
  • adversary TTPs,
  • malware campaigns,
  • and emerging threats.
  • Integrate CTI into SOC workflows, detection engineering, and incident response operations.
  • Analyze:
  • malware trends,
  • adversary infrastructure,
  • campaigns,
  • indicators,
  • and attack patterns.
  • Support automation and SOAR integration initiatives.
  • Brief executives and technical leadership on emerging threats and operational risk.

Requirements

  • 10+ years of cybersecurity operations experience.
  • 5+ years supporting CTI, threat hunting, or detection engineering programs.
  • Experience with:
  • Splunk,
  • Sentinel,
  • CrowdStrike,
  • EDR telemetry,
  • detection content engineering,
  • and intelligence platforms.
  • Strong understanding of:
  • MITRE ATT&CK,
  • adversary tradecraft,
  • malware analysis,
  • and intelligence analysis methodologies.
  • Experience developing:
  • SIEM detections,
  • hunt analytics,
  • detection tuning,
  • and operational reporting.

Preferred Certifications

  • GCTI
  • GCFA
  • GCIH
  • GMON
  • GCDA
  • CISSP
  • Splunk Security certifications

Benefits & conditions

Invitation for Job Applicants to Self-Identify as a U.S. Veteran

  • A "disabled veteran" is one of the following:
  • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
  • a person who was discharged or released from active duty because of a service-connected disability.
  • A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Apply for this position