Threat Hunt Analyst Mid Job Description

Position Summary

Essential Duties and Responsibilities

• Perform proactive threat hunting activities across SBA enterprise environments in support of Task Areas 3.5.3 and 3.5.3.5.
• Analyze security event data endpoint telemetry SIEM logs network traffic DNS activity and cloud security data to identify indicators of malicious activity.
• Conduct advanced threat hunting operations using behavioral analytics threat intelligence anomaly detection and adversary emulation techniques.
• Identify investigate and validate indicators of compromise (IOCs) indicators of attack (IOAs) and suspicious cybersecurity events.
• Support Security Operations Center (SOC) monitoring detection and response activities within a 24x7x365 operational environment.
• Perform hunting activities related to advanced persistent threats (APTs) insider threats ransomware campaigns credential abuse lateral movement and data exfiltration.
• Correlate cyber threat intelligence with operational event data to identify emerging threats impacting SBA systems and cloud environments.
• Develop and maintain threat hunting playbooks procedures detection methodologies and use cases aligned with MITRE ATT&CK techniques.
• Perform endpoint host-based and network-based threat analysis using EDR SIEM IDS/IPS and forensic analysis tools.
• Support incident response investigations by providing detailed threat analysis timeline reconstruction and adversary activity assessments.
• Develop custom threat hunting queries scripts analytics and detection signatures to improve enterprise threat visibility.
• Analyze and investigate cloud security events across Microsoft Azure Microsoft 365 AWS Salesforce and hybrid cloud environments.
• Document threat hunting findings operational assessments intelligence summaries and recommended remediation actions.
• Provide technical recommendations to improve threat detection capabilities monitoring coverage and cybersecurity defensive measures.
• Coordinate with SOC analysts incident responders engineers federal stakeholders and cybersecurity leadership during cyber investigations.
• Assist with continuous tuning and optimization of SIEM correlation rules EDR detections and threat analytics.
• Support cybersecurity reporting operational briefings and executive-level situational awareness activities.
• Maintain awareness of emerging cyber threats federal cybersecurity directives CISA guidance and evolving adversary TTPs.
• Participate in cybersecurity exercises tabletop events red team/blue team activities and operational readiness initiatives.
• Support compliance with federal cybersecurity standards policies and operational procedures.

Minimum Qualifications

• Bachelors degree in Cybersecurity Computer Science Information Technology Information Assurance Intelligence Studies or related discipline. Relevant experience may substitute for degree requirements.
• Minimum of 5 years of experience supporting threat hunting cybersecurity operations cyber defense incident response or SOC environments.
• Hands-on experience conducting proactive cyber threat hunting and adversary analysis activities.
• Experience using SIEM EDR IDS/IPS network monitoring packet analysis and cyber defense technologies.
• Knowledge of MITRE ATT&CK framework cyber kill chain methodologies and adversary TTP analysis.
• Experience analyzing Windows Linux cloud and network security logs.
• Familiarity with scripting and query languages such as PowerShell Python KQL Splunk SPL or SQL.
• Experience supporting federal cybersecurity operations and compliance frameworks including NIST guidance.
• Strong analytical investigative communication and technical reporting skills.
• Ability to operate effectively in fast-paced mission-critical cybersecurity environments.

Preferred Certifications

• GIAC Certified Enterprise Defender (GCED)
• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• CompTIA CySA
• CompTIA Security
• Certified SOC Analyst (CSA)
• Microsoft Security Operations Analyst Associate (SC-200)