Senior Threat Hunter
Job description
TL;DR
Senior Threat Hunter (Cybersecurity): Conduct proactive threat hunts and incident response across cloud and on-prem environments such as Microsoft Azure, O365, Active Directory, and Zscaler, with an emphasis on hypothesis-based hunting in Splunk Enterprise Security. Focus on analyzing EDR telemetry from CrowdStrike and Sysmon, vulnerability management with Tenable Nessus, network traffic analysis with NetScout, and developing custom detections for advanced threats.
Location: 80% onsite (Monday-Thursday) required at AOUSC office in Washington, DC; 1 day remote (Friday); hours 8am-4:30pm; ability to obtain Public Trust clearance
Company
supports the Administrative Office of the United States Courts (AOUSC).
What you will do
- Provide incident response and proactive threat hunting across judicial datasets to identify anomalies, threat actors, misconfigurations, and detection gaps.
- Develop and execute hypothesis-based hunts built on adversary TTPs, working in an agile scrum process with tools such as Splunk, Microsoft Sentinel, CrowdStrike, Sysmon, Tenable Nessus, and NetScout.
- Analyze SIEM alerts, OSINT, EDR data, network traffic; triage malware; track incidents from detection to resolution.
- Configure/deploy EDR agents, create custom detection searches, interface with IT contacts, participate in after-action reviews and daily scrum standups.
- Respond to technical requests via ITSM tickets for cloud/non-cloud environments including Azure, O365, Active Directory, Zscaler.
Requirements
- 5+ years threat hunting and incident response in cloud/non-cloud (Azure, O365, Active Directory, Zscaler)
- 5+ years hypothesis-based hunting with Splunk Enterprise Security
- 5+ years data collection and analysis with EDR (CrowdStrike) and host telemetry sources (Sysmon, Auditd)
- Experience with Microsoft Sentinel, Tenable Nessus, SYN/ACK, NetScout, SPUR.us, Mandiant intel
- One of: GCIA, GCIH, GMON, GDAT, Splunk Core Power User
- Must work 80% onsite in Washington, DC