user avatar

Threat Hunt Analyst - High - Digital Forensics

Koniag Government Services

Posted today

Job Requirements

Washington, DC
Public Trust Full Scope Polygraph
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Threat Hunt Analyst - High - Digital Forensics to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Senior Threat Hunt Analyst with advanced Digital Forensics capabilities to support the U.S. Small Business Administration (SBA). The ideal candidate is a highly skilled cybersecurity professional with deep expertise in proactive threat hunting, advanced digital forensics investigation, and incident response within complex federal IT environments. This individual will play a pivotal role in identifying and neutralizing advanced persistent threats (APTs) and sophisticated adversaries targeting SBA's critical systems and data, leveraging cutting-edge forensic techniques, threat intelligence, and adversary emulation knowledge to stay ahead of the evolving threat landscape facing the agency.

The Senior Threat Hunt Analyst will serve as a highly experienced cybersecurity professional responsible for designing and leading proactive threat hunting programs and conducting advanced digital forensics investigations in support of SBA's cybersecurity mission. This individual will bring deep technical expertise in adversary TTPs, forensic analysis, and malware reverse engineering to proactively identify hidden threats, support complex incident investigations, and continuously strengthen SBA's defensive capabilities.

Principal responsibilities will include but are not limited to:
  • Design, develop, and lead proactive threat hunting programs and targeted hunting campaigns across SBA's enterprise IT environment, including on-premises, cloud, and hybrid infrastructures, leveraging advanced analytical techniques, behavioral analytics, and threat intelligence to identify hidden adversaries, undetected malicious activity, and emerging threats before they impact SBA operations.
  • Apply expert-level knowledge of threat actor tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK framework to develop, prioritize, and execute hypothesis-driven threat hunts targeting high-priority adversary behaviors, attack patterns, and threat vectors relevant to SBA's mission and threat landscape.
  • Conduct advanced digital forensics investigations in response to cybersecurity incidents and threat hunt findings, including the forensically sound acquisition, preservation, and analysis of digital evidence from endpoints, servers, network devices, cloud environments, and mobile platforms, in strict accordance with federal forensic standards and chain of custody requirements.
  • Perform advanced malware analysis, including both static analysis techniques (e.g., disassembly, decompilation, string analysis, import analysis) and dynamic analysis techniques (e.g., behavioral sandbox analysis, API monitoring, network traffic analysis), to fully characterize the capabilities, behaviors, persistence mechanisms, and indicators of compromise (IOCs) associated with malicious code identified within SBA's environment.
  • Conduct in-depth analysis of network traffic captures, memory artifacts, disk images, log data, and endpoint telemetry to reconstruct detailed attack timelines, identify root causes, characterize adversary TTPs, and determine the full scope and impact of security incidents and threat hunt findings.
  • Develop and maintain a comprehensive library of threat hunting hypotheses, hunt playbooks, and forensic investigation procedures, ensuring they remain current with the evolving threat landscape, emerging adversary TTPs, and changes to SBA's operational IT environment.
  • Produce detailed, high-quality forensic examination reports, threat hunt reports, and after-action reviews (AARs) documenting investigation methodologies, findings, evidence analysis, attack timelines, and actionable recommendations for SBA leadership, stakeholders, and inter-agency partners.
  • Collaborate closely with the SOC team, Cybersecurity Operations Technical Lead, Cybersecurity Architect, and SBA security leadership to share threat hunt findings, integrate newly identified IOCs, detection signatures, and behavioral analytics into SOC monitoring tools, and drive continuous improvement of SBA's detection and response capabilities.
  • Operationalize threat intelligence from government and commercial sources, including US-CERT, CISA, ISACs, and commercial threat intelligence platforms, to inform and prioritize threat hunting campaigns, guide forensic investigations, and enhance SBA's overall cyber defense posture.
  • Provide senior technical expertise and support during significant cybersecurity incidents, leading forensic investigation activities and coordinating with US-CERT, CISA, and other federal partners as needed to support effective incident response and inter-agency coordination.
  • Develop and tune SIEM detection rules, correlation logic, and behavioral analytics based on threat hunt findings and forensic investigation results to improve the SOC's ability to detect and respond to identified and emerging adversary TTPs targeting SBA systems.
  • Conduct vulnerability research and exploitability analysis to assess the real-world risk of vulnerabilities affecting SBA systems, informing remediation prioritization and supporting the understanding of potential adversary exploitation paths.
  • Deliver expert technical briefings and presentations to SBA leadership, stakeholders, and inter-agency partners on threat hunt findings, forensic investigation results, emerging threats, and recommendations for strengthening SBA's cybersecurity posture.
  • Mentor and provide advanced technical guidance to SOC analysts and junior threat hunt and forensics team members, elevating team capabilities in threat hunting methodologies, digital forensics techniques, and malware analysis practices.
  • Support the continuous improvement of SBA's threat hunting and digital forensics program, including the evaluation and recommendation of new tools, technologies, and methodologies to enhance program effectiveness and efficiency.

Education and Experience:

Required:
  • Bachelor's degree in Cybersecurity, Computer Science, Digital Forensics, Information Technology, or a related field from an accredited college or university.
  • 8+ years of progressive experience in cybersecurity operations, with at least 4 years of dedicated, hands-on experience in threat hunting, digital forensics, and/or malware analysis in a senior or lead capacity within a SOC, CSIRT, or dedicated threat hunting team.
  • Demonstrated experience conducting advanced digital forensics investigations and proactive threat hunting operations within a federal government or large enterprise IT environment.
  • One or more of the following certifications:
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • EnCase Certified Examiner (EnCE)
  • Certified Forensic Computer Examiner (CFCE)
  • Offensive Security Certified Professional (OSCP)
  • Certified Information Systems Security Professional (CISSP)

Desired:
  • Master's degree in Cybersecurity, Digital Forensics, Computer Science, or a related field.
  • 10+ years of cybersecurity experience with a strong and demonstrated focus on threat hunting, digital forensics, and malware analysis within a federal government or defense contracting environment.

Required Skills and Competencies:
  • Exceptional communication skills in English - both written and oral - with the ability to clearly and effectively articulate complex forensic findings, threat hunt results, malware analysis outputs, and technical recommendations to both technical and non-technical audiences, including senior SBA leadership and inter-agency partners.
  • Advanced expertise in proactive threat hunting methodologies, including hypothesis-driven hunting, behavioral analytics-based hunting, and intelligence-driven hunting, with demonstrated ability to apply the MITRE ATT&CK framework to identify, characterize, and respond to adversary activity within complex enterprise environments.
  • Deep proficiency in digital forensics tools and techniques across multiple forensic disciplines, including disk forensics, memory forensics, network forensics, and cloud forensics, utilizing industry-standard platforms such as EnCase, FTK, Autopsy, Volatility, Magnet AXIOM, X-Ways Forensics, or equivalent tools.
  • Strong expertise in malware analysis, including both static analysis (e.g., disassembly using IDA Pro or Ghidra, decompilation, string extraction, import analysis, and PE header analysis) and dynamic analysis (e.g., behavioral analysis in controlled sandbox environments using Cuckoo Sandbox, Any.run, or equivalent, including API call monitoring, network traffic analysis, and registry activity tracking).
  • Advanced proficiency in log analysis and cross-source data correlation, with the ability to analyze and correlate data across diverse sources including Windows Event Logs, Syslog, cloud platform logs, application logs, and network flow data to reconstruct detailed attack timelines and support thorough forensic investigations.
  • Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, ArcSight, or similar) and demonstrated ability to develop advanced queries, custom detection rules, and behavioral analytics to support threat hunting campaigns and improve SOC detection capabilities based on hunt findings.
  • Strong knowledge of network security concepts and protocols, including TCP/IP, DNS, HTTP/S, and demonstrated ability to analyze packet captures and network traffic flows using tools such as Wireshark, Zeek, NetworkMiner, or similar to support threat hunting and forensic investigations.
  • Proficiency with endpoint detection and response (EDR) platforms and demonstrated ability to leverage advanced EDR telemetry, including process trees, memory artifacts, and behavioral data, for sophisticated threat hunting and forensic investigation activities.
  • Demonstrated ability to operationalize threat intelligence from multiple government and commercial sources, including US-CERT, CISA, ISACs, and commercial TIPs, to drive threat hunting priorities, guide forensic investigations, and enhance SBA's detection and response capabilities.
  • Deep understanding of adversary TTPs, kill chain methodologies, and threat actor groups relevant to federal civilian agencies, including nation-state actors, financially motivated cybercriminal organizations, and insider threats, and the ability to apply this knowledge to threat hunting and forensic investigation activities.
  • Experience conducting digital forensics investigations in strict compliance with federal evidence handling standards, chain of custody requirements, and applicable legal and regulatory frameworks governing the use of digital evidence
  • Strong knowledge of federal cybersecurity frameworks and compliance requirements, including NIST SP 800-53, NIST SP 800-61, NIST SP 800-86, FISMA, and CISA guidance and directives, and their application to threat hunting and digital forensics activities within a federal civilian agency environment.
  • Ability to obtain and maintain a Public Trust Clearance.

Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency cybersecurity programs, particularly in a threat hunting or digital forensics capacity, with demonstrated knowledge of SBA's IT environment and threat landscape.
  • Advanced experience with cloud forensics and threat hunting in AWS, Azure, or GCP environments, including in-depth familiarity with cloud-native logging, monitoring, and forensic investigation capabilities such as AWS CloudTrail, Azure Activity Logs, Microsoft Defender for Endpoint, and Google Cloud Logging.
  • Experience with Security Orchestration, Automation, and Response (SOAR) platforms and proficiency in scripting languages such as Python, PowerShell, or Bash for the development of automated threat hunting workflows, forensic analysis scripts, and IOC enrichment tools.
  • Familiarity with deception technologies, including honeypots, honeynets, and enterprise deception platforms, and experience leveraging deception capabilities to support threat hunting operations, adversary identification, and intelligence collection.
  • Experience with threat intelligence platforms (TIPs) such as MISP, ThreatConnect, Anomali, or similar, and demonstrated familiarity with structured threat intelligence formats and sharing standards, including STIX/TAXII.
  • Knowledge of Zero Trust Architecture (ZTA) principles and their implications for threat hunting, forensic investigation, and adversary detection within a federal IT environment undergoing Zero Trust transformation.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program tools, data feeds, and operational requirements, and experience leveraging CDM data to support threat hunting and forensic investigation activities within a federal civilian agency environment.
  • Experience supporting or leading digital forensics investigations in response to nation-state or advanced persistent threat (APT) actor activity targeting federal civilian agencies.
  • GIAC Network Forensic Analyst (GNFA) or GIAC Cloud Forensics Responder (GCFR) certification.
  • Experience with mobile device forensics, including the forensically sound acquisition and analysis of mobile device artifacts using industry-standard tools such as Cellebrite UFED, Oxygen Forensic Detective, or equivalent platforms.
  • Experience working within FedRAMP authorized cloud environments and familiarity with FedRAMP boundary definitions, security requirements, and forensic investigation considerations as they relate to cloud-based evidence collection and threat hunting activities.
  • Familiarity with adversarial machine learning (ML) concepts and the potential application of AI/ML techniques to threat hunting automation, anomaly detection, and the analysis of large-scale security telemetry datasets.

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473
Find Koniag Government Services on Social Media
Recruiters
user avatar
About Us
Koniag Government Services (KGS) supports the values and traditions of our Native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services, and Operational Management to Federal Government Agencies. We apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and Native communities. Through our wholly-owned subsidiary companies, including SBA Certified 8(a) and HUBZone companies, we provide exceptional service to our Government clients with a committed focus on: Community Mission. Solution Oriented. Exceptional People.

Koniag Government Services Jobs


Job Category
Finance
Clearance Level
Public Trust