Senior Threat Hunter
SOS International LLC, Washington, District of Columbia, United States
Washington, DC, USA
Full-time
Clearance Requirement: Secret
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
Overview
SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting operations, analyzing data from multiple sources to identify malicious activity, supporting detection and response efforts, and applying advanced analytical techniques to improve cyber defense operations.
Responsibilities
Conduct proactive threat hunting to identify malicious activity, indicators of compromise, and anomalous behavior across the enterprise
Analyze data from logs, sensors, endpoint detection and response (EDR) tools, and full packet capture (PCAP) sources to detect threats
Apply threat hunting methodologies using MITRE ATT&CK and MITRE D3FEND frameworks
Support detection, analysis, and response to cyber threats in coordination with SOC and incident response teams
Perform analysis of TCP/IP traffic, intrusion detection system (IDS) data, malware activity, and adversary tactics, techniques, and procedures (TTPs)
Use scripting and query tools to support threat analysis, data hunting, and development of analytical outputs
Support development of threat hunting products, reporting, and recommendations to improve cyber defense detection and monitoring
Qualifications
Experience:
Five (5) or more years of experience in data hunting, manipulation, and presentation
Management or team lead experience
Experience with MITRE ATT&CK and MITRE D3FEND
Experience analyzing TCP/IP, IDS data, PCAP, logs, and sensor data
Experience supporting malware analysis
Experience with Endpoint Detection and Response (EDR) tools
Experience with scripting or query languages including R, Python, PIG, HIVE, or SQL
Education:
Bachelor's Degree
(Bachelor's Degree may be substituted with additional 4+ years of experience as approved by Government)
Certifications:
One of:
CISSP (Associate)
CCSP
SSCP
GCIH
GNFA
GCIA
Plus one DoD 8570 CSSP certification in:
CSSP Analyst
CSSP Infrastructure Support
CSSP Incident Responder
Clearance/Suitability
: Secret (active), Top Secret, SCI Eligible
Additional Information
Work Environment
Normal office conditions with potential to perform duties in deployed locations.
Core hours of operation are Monday through Friday, 0600 - 1700.
May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
Full-time
Clearance Requirement: Secret
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
Overview
SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting operations, analyzing data from multiple sources to identify malicious activity, supporting detection and response efforts, and applying advanced analytical techniques to improve cyber defense operations.
Responsibilities
Conduct proactive threat hunting to identify malicious activity, indicators of compromise, and anomalous behavior across the enterprise
Analyze data from logs, sensors, endpoint detection and response (EDR) tools, and full packet capture (PCAP) sources to detect threats
Apply threat hunting methodologies using MITRE ATT&CK and MITRE D3FEND frameworks
Support detection, analysis, and response to cyber threats in coordination with SOC and incident response teams
Perform analysis of TCP/IP traffic, intrusion detection system (IDS) data, malware activity, and adversary tactics, techniques, and procedures (TTPs)
Use scripting and query tools to support threat analysis, data hunting, and development of analytical outputs
Support development of threat hunting products, reporting, and recommendations to improve cyber defense detection and monitoring
Qualifications
Experience:
Five (5) or more years of experience in data hunting, manipulation, and presentation
Management or team lead experience
Experience with MITRE ATT&CK and MITRE D3FEND
Experience analyzing TCP/IP, IDS data, PCAP, logs, and sensor data
Experience supporting malware analysis
Experience with Endpoint Detection and Response (EDR) tools
Experience with scripting or query languages including R, Python, PIG, HIVE, or SQL
Education:
Bachelor's Degree
(Bachelor's Degree may be substituted with additional 4+ years of experience as approved by Government)
Certifications:
One of:
CISSP (Associate)
CCSP
SSCP
GCIH
GNFA
GCIA
Plus one DoD 8570 CSSP certification in:
CSSP Analyst
CSSP Infrastructure Support
CSSP Incident Responder
Clearance/Suitability
: Secret (active), Top Secret, SCI Eligible
Additional Information
Work Environment
Normal office conditions with potential to perform duties in deployed locations.
Core hours of operation are Monday through Friday, 0600 - 1700.
May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.