CBO Tier 3 Threat Hunter

CFocus Softwareorporated

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: 6 hours ago

Vacancies: 1 Vacancy

Job Summary

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
7 years of experience in cybersecurity operations threat hunting or incident response
Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
Hands-on experience with Microsoft Defender XDR (Endpoint Identity)
Experience analyzing logs across cloud (AWS) network and endpoint environments
Strong knowledge of MITRE ATT&CK framework and adversary techniques
Experience with digital forensics and malware analysis
Ability to conduct root cause analysis and develop remediation strategies
Experience working in 24x7 SOC environments
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Conduct proactive threat hunting across identity endpoint network and cloud telemetry
Lead advanced incident investigations including root cause analysis and forensic analysis
Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
Analyze logs from Microsoft Defender (Endpoint Identity) AWS firewalls VPNs and other sources
Support incident containment eradication and recovery activities
Develop and improve threat hunting hypotheses based on intelligence and trends
Validate and refine detection use cases and monitoring capabilities
Support red team / purple team exercises and adversary emulation
Produce detailed incident reports including timelines and remediation recommendations
Identify security gaps and recommend mitigation strategies
Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes

Required Experience:

Senior IC

cFocus Software seeks a Tier 3 / Threat Hunter to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.Qualifications:Active Public Trust clearanceB.S. Computer Science Information Technology or a related field7 y...

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
7 years of experience in cybersecurity operations threat hunting or incident response
Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
Hands-on experience with Microsoft Defender XDR (Endpoint Identity)
Experience analyzing logs across cloud (AWS) network and endpoint environments
Strong knowledge of MITRE ATT&CK framework and adversary techniques
Experience with digital forensics and malware analysis
Ability to conduct root cause analysis and develop remediation strategies
Experience working in 24x7 SOC environments
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Conduct proactive threat hunting across identity endpoint network and cloud telemetry
Lead advanced incident investigations including root cause analysis and forensic analysis
Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
Analyze logs from Microsoft Defender (Endpoint Identity) AWS firewalls VPNs and other sources
Support incident containment eradication and recovery activities
Develop and improve threat hunting hypotheses based on intelligence and trends
Validate and refine detection use cases and monitoring capabilities
Support red team / purple team exercises and adversary emulation
Produce detailed incident reports including timelines and remediation recommendations
Identify security gaps and recommend mitigation strategies
Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes