The Role
The Threat Hunt Lead will manage proactive threat hunting operations, analyze potential threats, develop plans, and mentor team members to identify and mitigate risks.
Summary Generated by Built In
cFocus Software seeks a Threat Hunt Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
Duties:
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years within IR in a large SOC (over 5,000 endpoints) with at least 3 years focused on proactive threat hunting or adversary emulation.
- 3+ years of experience with demonstrated proficiency in forming hypothesis, querying large datasets and identifying APT behavior.
- 2+ years’ experience with demonstrated proficiency in scripting languages including Python and PowerShell to develop new tools.
- This role most closely aligns with the NICE work role PD-WRL-006 (Threat Analysis).
- Active OSCP or GXPN certification
Duties:
- Lead proactive threat hunting operations to identify Advanced Persistent Threats (APT), insider threats, malicious activity, and anomalous behaviors that evade traditional security controls.
- Develop and execute hypothesis-driven threat hunts leveraging threat intelligence, adversary tactics, techniques, and procedures (TTPs), behavioral analytics, and anomalous telemetry.
- Coordinate threat hunt activities within Agile two-week sprint cycles and ensure successful execution of all assigned hunt objectives and deliverables.
- Develop Threat Hunt Execution Plans that define hunt hypotheses, objectives, technical methodologies, required telemetry, and investigative procedures.
- Analyze endpoint, network, cloud, identity, SIEM, EDR, and log telemetry to identify indicators of compromise (IOCs), suspicious activity, and attack patterns.
- Coordinate and escalate confirmed or suspected findings to the Cybersecurity Triage and Incident Response teams in accordance with the Judiciary SOC Incident Response Plan (JSOCIRP).
- Collaborate with Detection Engineering teams to identify and remediate logging, telemetry, detection, or visibility gaps discovered during threat hunting operations.
- Work closely with Cyber Threat Intelligence teams to operationalize intelligence, enrich investigations, and identify emerging threats impacting the Judiciary.
- Conduct advanced analysis of threat actor behaviors, malware campaigns, phishing activity, suspicious infrastructure, and attack trends.
- Develop detailed Threat Hunt Reports documenting hunt objectives, findings, TTPs, queries used, telemetry gaps, identified risks, and recommendations for improved detections.
- Produce executive-level Hunt Sprint Reports summarizing hunt activities, operational impacts, recommendations, and emerging cybersecurity risks.
- Provide real-time investigative support during cybersecurity incidents and high-priority threat investigations.
- Perform analysis utilizing Splunk Enterprise Security, Microsoft Sentinel, Splunk SOAR, CrowdStrike, Qualys, ServiceNow, Jira, and other AO-approved security platforms.
- Support the development and refinement of threat models tailored to Judiciary systems, high-value assets, and mission-critical environments.
- Develop and maintain threat hunting SOPs, playbooks, technical procedures, and investigative methodologies aligned with AO and federal cybersecurity standards.
- Support enterprise security awareness initiatives through threat briefings, technical reporting, and operational presentations.
- Participate in weekly technical meetings, operational reviews, and status briefings with AO leadership and federal stakeholders.
- Provide mentorship, technical guidance, and quality oversight to threat hunters and supporting analysts.
- Support transition-in and transition-out activities, operational readiness, documentation development, and knowledge transfer activities.
- Drive continuous improvement initiatives focused on detection coverage, telemetry enrichment, operational efficiency, and threat hunting maturity.
Skills Required
- Active Public Trust clearance
- B.S. in Computer Science or Information Technology
- 5+ years in Incident Response in a large SOC
- 3+ years focused on proactive threat hunting
- 2+ years in scripting languages including Python and PowerShell
- Active OSCP or GXPN certification
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!
