
OT Threat Hunt Analyst
Phase2 Technology, Denver, CO, United States
Job Number: R0238495
OT Threat Hunt Analyst
Join a high-impact, mission-driven team operating at the forefront of cyber defense for critical infrastructure. As a Threat Hunter, you will be part of a small, agile group entrusted with proactively identifying and disrupting advanced threats targeting some of the nation's most essential systems.
This role goes beyond traditional detection and response. You will lead and execute sophisticated threat hunting operations, transforming emerging intelligence into actionable hunt missions, engineering novel collection capabilities, and uncovering adversary activity that evades conventional security controls. Working at the intersection of cyber threat intelligence, detection engineering, and operational technology (OT), you will help defend complex, real‑world environments where the stakes are tangible and immediate.
You will collaborate closely with system owners, engineers, and OT subject matter experts to design and deploy innovative approaches to visibility and analysis, often in environments where telemetry is limited and adversaries are highly adaptive. Your work will directly support federal missions, contributing to the resilience and security of critical infrastructure sectors.
This is a role for a technically deep, creatively minded operator who thrives in ambiguity, enjoys building new capabilities from the ground up, and is motivated by meaningful, national-level impact.
You Have
10+ years of experience supporting cyber operations in incident response, threat hunting, detection engineering, offensive operations, or cybersecurity and information assurance
Experience conducting proactive, hypothesis-driven threat hunts in enterprise or industrial environments
Experience mapping activity to frameworks, such as MITRE ATT&CK
Experience with a query and analysis platform, such as SIEM or EDR, or log analytics tools
Experience analyzing endpoint, network, and log data to identify malicious or anomalous behavior
Knowledge of adversary tactics, techniques, and procedures (TTPs)
Ability to translate cyber threat intelligence into actionable hunt hypotheses, operational plans, and detection analytics; to design, test, and iterate on data collection strategies in constrained or complex environments; and to clearly document findings and brief technical and non-technical audiences
Top Secret clearance
Bachelor's degree
GIAC (e.g., GCFA, GCIH, GCIA) or CISSP certification
Nice If You Have
Experience working with industrial control systems (ICS), SCADA environments, or other operational technology (OT) networks
Experience with the development of custom detection content, signatures, or behavioral analytics beyond out-of-the-box tooling
Experience with scripting or programming, such as Python or PowerShell, to automate analysis or build custom tooling
Experience with the U.S. Intelligence Community and using intelligence to support cyber defensive operations
Experience conducting threat hunting in cloud or hybrid environments, such as AWS, Azure, or containerized infrastructure
Experience with threat emulation or purple teaming
Knowledge of OT protocols, such as Modbus or DNP3, and visibility challenges unique to industrial environments
Knowledge of memory forensics, malware analysis, or reverse engineering
Possession of strong written and verbal communication skills
Clearance
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Top Secret clearance is required.
Compensation
Salary is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD). This posting will close within 90 days from the Posting Date.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.