Company hidden
Posted 4 hours ago

Threat Hunt Lead (Cybersecurity)

Work format: hybrid
Employment type: full-time
Grade: lead
English: B2
Country: US
Listing from Hirify Global, a list of international tech companies

Job description

TL;DR

Threat Hunt Lead (Cybersecurity): Lead proactive threat hunting operations to identify APTs and insider threats for the Administrative Office of the US Courts, with an emphasis on hypothesis-driven hunts and telemetry analysis. The focus is on operationalizing threat intelligence, developing hunt execution plans, and collaborating with detection engineering to close visibility gaps.

Location: Hybrid (Washington, DC). Requires an active Public Trust clearance.

Company

hirify.global provides specialized technical program support and cybersecurity services for federal government agencies.

What you will do

  • Lead hypothesis-driven threat hunting operations to identify APTs, insider threats, and anomalous behaviors that evade traditional controls.
  • Develop Threat Hunt Execution Plans and detailed reports documenting TTPs, queries, and identified risks for executive leadership.
  • Analyze telemetry from SIEM, EDR, cloud, and network sources to identify indicators of compromise (IOCs) and attack patterns.
  • Coordinate findings with the Cybersecurity Triage, Incident Response, and Detection Engineering teams to close visibility gaps.
  • Utilize security platforms including Splunk Enterprise Security, Microsoft Sentinel, Splunk SOAR, and CrowdStrike.
  • Mentor junior threat hunters and develop SOPs and playbooks aligned with federal cybersecurity standards.

Requirements

  • Active Public Trust clearance is mandatory.
  • B.S. in Computer Science, Information Technology, or a related field.
  • 5+ years of Incident Response experience in a large SOC (over 5,000 endpoints).
  • 3+ years of experience in proactive threat hunting, adversary emulation, and querying large datasets.
  • Proficiency in Python and PowerShell for developing custom security tools.
  • Active OSCP or GXPN certification.
