Cyber Threat Hunter

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington DC. This position is expected to become available in Summer 2026.

Our team provides mission critical 24/7 operational support to the customers mission of protecting federal networked systems and services from cyber threats impacting national security. This hybrid position is primarily on-site with potential for up to 20% telework. While this position will primarily work during core hours (0) this position will be supporting a team of analysts working 24/7 rotating shifts (days swings nights). As such occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:

• Hypothesis-Driven Hunting: Develop and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
• Advanced Telemetry Analysis: Query and correlate massive datasets across cloud resources identity systems and network infrastructure to identify low and slow attacks that evade automated detection.
• Detection Engineering Pipeline: Partner with detection teams to transform manual hunt discoveries into high-fidelity automated detection rules (SIEM/EDR).
• Automated Countermeasure Deployment: Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
• APT Targeting & Engagement: Utilize theMITRE ATT&CKframework to proactively search for Advanced Persistent Threat (APT) activity assuming a breach mentality to uncover hidden adversaries.
• Indications & Warnings (I&W) Integration: Analyze internal and external telemetry to identify early triggers and smoke that signal an imminent or ongoing compromise.
• Tactical Reporting & Metrics: Author detailed technical hunt reports summarizing findings operational gaps and measurable improvements to the organizations security posture.
• Situational Awareness: Maintain a deep understanding of the current threat landscape focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

BASIC QUALIFICATIONS:

• Bachelors Degree with 8 yrs of experience or Masters Degree with 6 yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III:Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g. CompTIA Security CySA GSEC and SSCP) or (CASP CE CCNP Security CISA GCED and GCIH)
• DoD 8570 CSSP Analyst:Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g. CompTIA CySA Cloud GIAC Global Information Assurance Certification (GCIA))
• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g. CompTIA CySA Cloud EC-Council CEH CND CHFI GIAC GICSP and ISC2 SSCP)
• Technical Proficiency: Expert knowledge of networking protocols (TCP/IP DNS HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.
• Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.

• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:

• Hunt Methodology:Demonstrated experience planning and executing hunt missions in complex hybrid-cloud environments.
• Query Languages:Expert proficiency inSPL(Splunk)KQL(Kusto) orDSL(Elastic) for large-scale data mining.
• Scripting for Security:Advanced use ofPythonPowerShell orBashto automate repetitive hunt tasks and data enrichment.
• Forensic Insight:Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
• Cloud Infrastructure:Familiarity with hunting within AWS Azure O365 and containerized workloads.
• AI-Enhanced Defense:Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

#ms

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.