Job Requirements
Fayetteville, NC
Top Secret/SCI Polygraph not specified
Mid Level Career (5+ yrs experience)
$90,000 - $110,000
Job Description
The Cyber Threat Hunter is responsible for proactively identifying, analyzing, and mitigating advanced cyber threats targeting enterprise, on-prem, cloud, and mission systems. This role leverages threat intelligence, behavioral analytics, hypothesis-driven hunting, adversary tactics/techniques/procedures (TTPs), and automation to detect malicious activity not identified by traditional security controls. The role also provides continuous monitoring of alert queues, triages security events, and monitors the health of data sources related to security sensors and endpoint security agents.
The ideal candidate possesses deep expertise in threat hunting methodologies, cyber threat intelligence (CTI), log analytics, scripting, cloud security, and SIEM technologies such as Splunk ES and Elastic. This role supports defensive cyber operations across on-premises, hybrid, and cloud environments.
The Information Security Analyst Senior must have:
Threat Hunting Operations
• Conduct proactive and reactive threat hunts across enterprise networks, endpoints, servers, and cloud environments.
• Develop and execute hypothesis-based hunts using known adversary TTPs.
• Identify stealthy, persistent, or anomalous activity missed by automated detections.
• Pivot across multiple data sources to validate suspicious indicators.
Cyber Threat Intelligence (CTI)
• Leverage internal and external CTI feeds to enrich hunting operations.
• Translate intelligence reports into hunt hypotheses and detections.
• Analyze nation-state, criminal, and insider threat activity.
• Map adversary behavior to the MITRE ATT&CK framework.
SIEM / Log Analytics
• Utilize Splunk or Elastic SIEM for advanced correlation searches, dashboards, detections, and threat investigations.
• Correlate logs from firewalls, EDR, DNS, authentication, proxy, cloud, and network sources.
• Tune detections to reduce false positives and improve fidelity.
Cloud Security Hunting
• Perform hunts within cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud.
• Analyze cloud control plane logs, IAM activity, API abuse, storage misuse, and lateral movement.
• Hunt for persistence techniques in SaaS / IaaS / PaaS environments.
Automation & Engineering
• Develop scripts and automations to accelerate hunting and investigations.
• Build repeatable hunt playbooks and workflows.
• Integrate tools using APIs, SOAR, or custom automation.
• Automate enrichment of indicators and triage processes.
Incident Response Support
• Provide advanced analytical support to Incident Response teams.
• Validate indicators of compromise (IOCs).
• Support containment and eradication during active incidents.
● Security clearance level: TS/SCI Required
● Role requirements:
• Technical Training, Certification(s) or Degree, or additional years in lieu of degree
• 4+ years cybersecurity experience with 2+ years in threat hunting, SOC, IR, or CTI.
• Experience in DoW, Intelligence Community, or federal cyber environments preferred.
• Strong experience with Splunk or other SIEM platforms.
• Strong knowledge of CTI lifecycle and intelligence-driven defense.
• Experience creating hunt hypotheses and conducting structured hunts.
• Deep understanding of Windows, Linux, Active Directory, networking, and DNS.
• Knowledge of tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance, and ForeScout, as used in performing cyber incident response and analysis.
• Familiarity with malware behavior and attacker tradecraft.
• Experience with cloud technologies (AWS, Azure, GCP).
Experience with one or more:
Ability to write or understand code in one or more:
• Python
• PowerShell
• Bash
• SQL
• Kusto Query Language
• JSON / YAML / Regex parsing
Compliance / Certifications
• DoD 8570 / 8140 compliant certification preferred such as:
• CompTIA Security+
• CySA+
• CASP+
• GIAC (GCIH, GCFA, etc.)
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
· This position requires an active DoD Clearance (Secret, Top Secret, Top Secret/SCI) or the ability to obtain an interim clearance (Interim Secret, Interim Top Secret)
· Because an active or interim DoD clearance is required, U.S. Citizenship is required