Posted today
Secret
$110,000 - $135,000
Unspecified
IT - Security
Washington, DC (On-Site/Office)
Cyber Threat Hunt Analyst
Location- Washington, DC
Clearance- Secret
Salary- 110k-135k/yr
The above salary range represents the range expected for the position; however, final salary offers are based on a number of factors such as the position's responsibilities; the candidate's experience, education, and skills; location; travel required; and current market conditions.
This program requires US Citizenship
To support a full range of cyber security services on a long-term contract in Washington DC, we are seeking a Cyber Threat Hunt & Forensics Analyst to:
- Ingest and analyze multi-source threat intelligence, including adversary research and MITRE ATT&CK-mapped Tactics, Techniques, and Procedures (TTPs), to understand relevant and emerging threats.
- Develop and refine threat hypotheses based on intelligence, environmental context, and observed behavioral patterns.
- Conduct proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets to identify malicious, suspicious, or anomalous activity that evades existing security controls.
- Apply deep technical knowledge of network protocols, services, and operating system internals to analyze telemetry, validate hypotheses, and differentiate benign from malicious behavior.
- Analyze adversary tradecraft across email, application, cloud, and operating system environments to improve behavioral understanding and detection strategy.
- Identify detection gaps and recommend improvements to hunting techniques, analytics, and security monitoring based on hunt outcomes.
- Perform forensics and malware analysis, as needed, to validate threat hunting findings and extract supporting Indicators of Compromise (IOCs), including support for forensic evidence preservation when required.
Required Skills
- Strong written and verbal communication skills to clearly document findings and communicate technical conclusions.
- Ability to apply threat intelligence, including MITRE ATT&CK, to understand adversary behavior and inform hypothesis-driven hunting.
- Proficiency in proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets.
- Ability to develop and refine detections and analytics based on observed adversary behavior and hunt outcomes.
- Strong understanding of attacker tradecraft across email, application, and cloud-based threat vectors.
- Advanced knowledge of networking fundamentals (TCP/IP, DNS, SMTP, DHCP) to analyze telemetry and network activity.
- Advanced knowledge of operating system internals and security mitigations across major platforms (Windows, Linux, macOS, mobile).
- Experience performing digital forensics on network, host, or memory artifacts to validate threat hunting findings.
- Experience analyzing malware or anomalous code to determine malicious intent and functionality.
- Experience using forensic tools such as EnCase, Sleuthkit, or FTK.
- Experience preserving and handling digital evidence, including maintenance of chain of custody.
- Scripting or automation experience (e.g., Python, PowerShell, Bash) to support hunting workflows.
- Experience using SIEM platforms and query languages (e.g., Splunk, Sentinel).
- Experience producing threat intelligence products, including written reports or briefings.
- Bachelor's degree or higher.
- 10+ years of experience performing cyber threat hunting and supporting forensic analysis in support of enterprise or government incident response.
- Analyze threat intelligence and adversary frameworks (including MITRE ATT&CK and the Azure Threat Research Matrix) to identify relevant tactics, techniques, gaps, and detection shortfalls.
- Plan and execute intelligence-driven and hypothesis-based cyber threat hunts across enterprise environments.
- Research and correlate large datasets and telemetry to uncover novel attack techniques, track adversary tradecraft, and investigate security alerts.
- Design, develop, and enhance cloud-native threat detections and analytics, including support for automated detection capabilities.
- Apply structured methodologies (e.g., Agile) to organize threat hunting activities, intelligence analysis, and reporting of outcomes.
- Analyze logs and supporting artifacts to validate threat hunting findings and determine adversary activity and scope.
- Perform digital forensics and evidence handling, as required, including creation of forensically sound copies and preservation of chain of custody, and produce clear technical reporting.
ABBTECH is an EOE/Minorities/Women/Disabled Individuals/Veterans