- Company Name
- cFocus Software Incorporated
- Job Title
- Cyber Threat Hunter (Mid-Level)
- Job Description
**Job Title**
Cyber Threat Hunter (Mid‑Level)
**Role Summary**
Mid‑level threat hunter responsible for proactive identification, deterrence, monitoring, and investigation of computer and network intrusions for USDOT. Works remotely, requires active Public Trust clearance, 8570 compliance, and advanced cybersecurity certifications. Implements hypothesis‑based hunts, performs malware analysis, and supports forensic investigations across cloud and on‑prem environments.
**Expectations**
- Minimum 5+ years of relevant experience in threat hunting, incident response, or computer forensics.
- Active Public Trust clearance and 8570‑compliant Security+ CE certification.
- Current certifications such as GCIA, GCIH, GSEC, GMON, and Splunk Core Power User.
- Strong collaboration with IT and government stakeholders; ability to respond to technical requests via AOUSC ITSM ticketing.
**Key Responsibilities**
- Detect, deter, monitor, and investigate intrusions across networks and endpoints.
- Conduct computer forensic support for high‑tech investigations (evidence seizure, analysis, data recovery).
- Analyze raw event streams (DNS, DHCP, AD, SE logs) for patterns, anomalies, and threat indicators; tag events for Tier 1 & 2 monitoring.
- Perform static and dynamic malware analysis in out‑of‑band environments, including complex threats.
- Respond to government technical requests (e.g., HEAT, ServiceNow) for threat‑hunt support.
- Execute threat hunts against cloud (Azure, O365), AD, and CASB environments using SIEM alerts, open‑source intel, and hypothesis‑based TTP approaches.
- Propose, document, and implement custom detection searches post‑hunt.
- Configure, deploy, and troubleshoot EDR agents (CrowdStrike, Sysmon) and custom scripts.
- Track cyber defense incidents from detection to resolution; coordinate with IT and vendors on EDR agent issues.
- Participate in after‑action reviews and record lessons learned.
- Triage malware events to identify root causes.
- Attend daily Agile Scrum stand‑ups, report progress on assigned Jira stories.
**Required Skills**
- Proficiency with SIEM (e.g., Splunk), EDR (CrowdStrike, Sysmon), and OSINT.
- Advanced malware reverse engineering (static/dynamic) and threat hunting techniques.
- Strong understanding of Windows, Azure, O365, AD, and CASB security architectures.
- Familiarity with Agile Scrum methodologies and Jira.
- Excellent analytical, documentation, and communication skills.
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (or equivalent experience).
- 8570‑compliant Security+ CE.
- Active certifications: GCIA, GCIH, GSEC, GMON, and Splunk Core Power User.
Washington, United States
On site
Mid level
08-01-2026