Senior Threat Hunter jobs in United States
cer-icon
Apply on Employer Site
company-logo

ECS · 22 hours ago

Senior Threat Hunter

positionWashington, DC
timeFull-time
remoteOnsite
seniorityMid, Senior Level
money$120K/yr - $138K/yr
date7+ years exp

ECS is a leading mid-sized provider of technology services to the United States Federal Government. They are seeking a Senior Threat Hunter to identify and mitigate cyber threats using advanced techniques and methodologies. The role involves conducting threat hunts, analyzing data, and ensuring the integrity of digital evidence in a forensic context.

Artificial Intelligence (AI)Cloud InfrastructureComplianceConsultingCyber SecurityInformation TechnologyMachine LearningSecuritySoftware
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Identify threat tactics, methodologies, gaps, and shortfalls aligned with the MITRE ATT&CK Framework and the Azure Threat Research Matrix (ATRM)
Perform Hypothesis-based or Intelligence-based Cyber Threat Hunts to identify threats and risks within environments
Use cloud-native techniques and methods to identify and create threat detections for automated response activities
Use Agile methodology to organize intelligence, hunts and project status
Be able to independently research intelligence reports to find actionable data for conducting intel or hypothesis-based hunts
Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers
Conduct analysis of log files, evidence, and other information to determine the best methods for identifying the perpetrator(s) of a network intrusion
Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis
Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes
Provide a technical summary of findings in accordance with established reporting procedures
Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
Recognize and accurately report forensic artifacts indicative of a particular operating system
Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost)
Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise

Qualification

Cyber Threat HuntingDigital ForensicsMITRE ATT&CK FrameworkForensic ToolsTCP/IP NetworkingMalware AnalysisIncident ResponsePythonSIEM Query LanguagesAgile MethodologyResearch SkillsWritten CommunicationVerbal Communication

Required

Strong written and verbal communication skills
Create detections and automation to detect, contain, eradicate, and recover from security threats
Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques
Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures)
Conduct proactive hunts through enterprise networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing tools
Advanced knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc
Solid understanding of attacker tradecraft associated with email, app-based, cloud threats and the ability to apply defensive tactics to protect against threats
Advanced knowledge of operating system internals, OS security mitigations, understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms
Experience using forensic tools (e.g., EnCase, Sleuthkit, FTK)
Ability to perform deep analysis of captured malicious code (e.g., malware forensics)
Skill in analyzing anomalous code as malicious or benign
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting, and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors
Bachelor's degree or higher
7+ years' performing cyber threat hunting and forensics support for incident response
Certifications addressing identification of malicious system and user activity, incident response in an enterprise environment, timeline artifact analysis, timeline collection, timeline processing, volatile data collection, analysis of profiling of systems and devices, analysis of file and program activity, acquisition, preparation, and preservation of digital evidence, analysis of user communications, advanced IDS concepts, applications protocols, concepts of TCP/IP and the link layer, DNS, fragmentation, IDS fundamentals and initial deployment (e.g., snort, bro), IDS rules (e.g., snort, bro), IPv6, network architecture and event correlation, network traffic analysis and forensics, or packet engineering
Active Secret clearance
5+ years of experience in digital forensics and incident response and threat hunt activities
Core Competencies in Computer Forensics, Computer Network Defense, Software Testing and Evaluation, System Administration, and Threat Analysis
All access to classified information will be within government controlled secure facilities

Preferred

Proficiency with at least Python, PowerShell, or bash
Proficiency in using query languages used in popular SIEM products (Splunk, Sentinel)
Experience with producing finished intelligence content on threat actors and attacker techniques including written reports, presentations, and visuals covering attribution, threat detection and hunting guidance, and remediation recommendations
Experience conducting non-attributable research and conducting research using deep web
Preserve evidence integrity according to standard operating procedures or national standards
Ability to analyze memory dumps to extract information
Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics)

Company

ECS

twittertwittertwitter
Glassdoor3.6
company-logo
ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.
dateFounded in 2001
location
Fairfax, Virginia, USA
people-size1001-5000 employees
web-link
https://www.ecstech.com

Funding

Current Stage
Late Stage
Total Funding
unknown
2018-01-31Acquired
2015-04-10Private Equity

Leadership Team

leader-logo
Keith McCloskey
VP / Chief Technology Officer
linkedin
leader-logo
Ryan Garner
Chief Financial Officer
linkedin

Recent News

Morningstar.com
ECS Recognized as a Top Partner with 2025 Elastic Services Partner Award – AMER
2025-11-19
MarketScreener
ECS Joint Venture 1CyberForce Wins Spot On $20B Cybersecurity Vehicle
2025-03-26
citybiz
ECS Names John Lau Vice President of Defense and Intel Solutions
2025-02-14
Company data provided by crunchbase