Threat Hunt Lead (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Threat Hunt Lead (Cybersecurity): Leading proactive threat hunting operations to identify APTs and anomalous behaviors within a large-scale SOC environment with an accent on hypothesis-driven hunting and adversary emulation. Focus on developing execution plans, analyzing complex telemetry across EDR/SIEM platforms, and driving continuous improvement in detection coverage.
Location: Must be based in or able to commute to Washington, DC (Hybrid)
Company
provides specialized IT and cybersecurity support services for federal government agencies.
What you will do
- Lead proactive threat hunting operations to identify APTs, insider threats, and malicious activity.
- Develop and execute hypothesis-driven threat hunts using threat intelligence and behavioral analytics.
- Analyze endpoint, network, cloud, and SIEM telemetry to identify indicators of compromise.
- Coordinate hunt activities within Agile two-week sprint cycles.
- Collaborate with Detection Engineering to remediate visibility gaps and improve detection coverage.
- Provide mentorship and technical guidance to threat hunters and supporting analysts.
Requirements
- Active Public Trust clearance required.
- B.S. in Computer Science, Information Technology, or related field.
- 5+ years of experience in IR within a large SOC (5,000+ endpoints).
- 3+ years of focused experience in proactive threat hunting or adversary emulation.
- 3+ years of experience in forming hypotheses and querying large datasets.
- 2+ years of experience with Python and PowerShell for tool development.
- Active OSCP or GXPN certification.
Culture & Benefits
- Support for mission-critical federal government systems.
- Opportunity to work with advanced security platforms including Splunk, Sentinel, and CrowdStrike.
- Structured Agile environment with clear sprint deliverables.
- Focus on continuous improvement and threat hunting maturity.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →