Senior Cyber Threat Hunting Specialist IRES - HSV

Position Title: Senior Cyber Threat Hunting Specialist

Location: Redstone Arsenal, Huntsville, AL

Relocation Assistance: None available at this time

Remote/Telework: NO

Clearance Type: DoW Top Secret with SCI Eligibility

Shift: Day shift

Travel Required: Up to 10% of the time

Description of Duties:

The Senior Cyber Threat Hunting Specialist supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:

• Serve as the primary Subject Matter Expert (SME) on advanced threats for the MDA Cyber Security Service Provider (MDA CSSP), collaborating with Defensive Cyber Operations, Cyber Threat Intelligence (CTI), Cyber Threat Emulation (CTE), and Forensics teams to drive unified defensive strategies
• Develop and execute intelligence-driven hunt hypotheses to detect Advanced Persistent Threats (APTs) and anomalies that bypass traditional security controls
• Map adversary Tactics, Techniques, and Procedures (TTPs) using the MITRE ATT&CK framework and integrate tactical threat intelligence into hunt operations
• Analyze network traffic, host-based logs, and endpoint telemetry utilizing SIEM, EDR, and packet capture tools
• Correlate asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture
• Leverage actionable Cyber Threat Intelligence data to search for indicators of compromise and assist in the development of SIEM content/signatures to detect known attack patterns and make recommendations to improve detection capabilities, tune alerts, and close security gaps
• Coordinate with CSSP subscribers to develop current configurations, rules, and signatures for cyber security related toolsets
• Coordinate with CSSP subscribers to notify, investigate, and remediate discrepancies in security logging and CSSP alignment
• Transition confirmed threats to Defensive Cyber Operations, providing forensic artifacts, root cause analysis, and actionable intelligence during active investigations
• Create and maintain custom scripts (e.g., PowerShell, Bash, Elastic KQL, ES|QL) to automate data parsing, log aggregation, and routine hunt tasks
• Provide technical mentorship, conduct training sessions, and participate in tabletop exercises to elevate the team's overall capability in advanced threat detection
• Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines
• Provide support to internal and external insider threat and law enforcement / counterintelligence (LE/CI) agencies during cyber incidents / investigations.
• Advise security leadership and Defensive Cyber Operations teams on emerging adversary capabilities, translating tactical hunt findings into strategic recommendations for infrastructure hardening
• Develop and maintain comprehensive documentation, including hunt runbooks, methodologies, and technical debriefs, ensuring actionable intelligence is effectively disseminated across multiple departments

The successful candidate will:

• Have experience with MS Office 365 suite applications (Word, Excel, PowerPoint, Visio, etc.)
• Be able to multi-task and prioritize various projects and assignments in a dynamic work environment to meet scheduled/unscheduled customer requests
• Be willing to travel up to 25% of the time
• Be willing to support teams in a 24/7 operational environment and respond quickly to emergencies as needed
• Have excellent communication skills, with the ability to translate complex technical findings into concise and actionable intelligence for senior leadership and non-technical stakeholders

Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate may be assigned as an employee for one of our teammate companies.

Basic Requirements:

• Must have 6 years of combined experience in Defensive Cyber Operations (DCO), to include enterprise-level security monitoring, incident response, and threat hunting
• Must have 2 years of experience in management or leadership in a team environment
• Must have experience applying the MITRE ATT&CK framework to security operations or intelligence analysis
• Must have one, or more, of the following certifications: CFR, CySA+, GCFA, GCIA, GICSP
• Must have an active DoW Top Secret with SCI Eligibility

Desired Requirements:

• Have a Master's degree, or higher, in Cybersecurity, Computer Science or related field
• Possess one or more of the following advanced cybersecurity certifications: Offensive Security: OSCP, PNPT, GPEN | Forensics/Incident Response: GCFA, GCFE, GCIH, EC-Council Certified Hacking Forensic Investigator (CHFI) | Threat Hunting/Analysis: GIAC Certified Cyber Threat Intelligence (GCTI)
• Have an active DoD Top Secret clearance
• Have experience with security analysis and solutions in a WAN/LAN environment to include Routers, Switches, Network Devices, and Operating Systems (e.g., Windows, and Linux)
• Have experience with other Security Operations Centers (SOC)/DCO tools/applications, such as Firewalls, Intrusion Detection Systems / Intrusion Prevention Systems, Network Security Manager, Forward Proxy, Spam Firewall, etc.
• Have experience analyzing security compliance scans performed across a WAN (ACAS/Nessus preferred)
• Have experience analyzing network and host-based threats (ESS preferred)
• Be able to mentor and train personnel in an evolving, high-paced environment
• Be familiar with DoD Security Operations Centers (SOC)
• Be familiar with DCO/Cybersecurity Service Provider (CSSP)-guiding security policies and procedures
• Have demonstrable experience in offensive security operations, such as penetration testing, red teaming, or exploit development
• Have experience with advanced digital forensics, including host-based and memory analysis
• Be proficient in scripting and data analysis with languages such as Python, PowerShell, Bash, or KQL to automate tasks and parse large datasets
• Be familiar with the intelligence cycle and its application to cybersecurity operations
• Have experience with hunt-centric security platforms, including industry-standard Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) tools
• Be familiar with the application of Artificial Intelligence (AI) and Large Language Models (LLMs) in cybersecurity, including the ability to leverage AI-driven security tools and critically assess their output

This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed.

Compensation Details:
$149,000 - $158,000

The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws.

Benefits Overview:

Our health and welfare benefits are designed to support you and your priorities. Offerings include:

• Health, dental, and vision insurance
• Paid time off and holidays
• Retirement benefits (including 401(k) matching)
• Educational reimbursement
• Parental leave
• Employee stock purchase plan
• Tax-saving options
• Disability and life insurance
• Pet insurance

Note: Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits.

Original Posting:
06/12/2026 - 06/22/2026
Amentum anticipates this job requisition will remain open for at least three days, with a closing date no earlier than three days after the original posting. This timeline may change based on business needs.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters .