Senior Threat Hunter

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

*** This position is contingent upon contract award ***

Overview

SOSi is seeking a Senior Threat Hunter to support proactive cyber defense activities in alignment with our customer. This role is responsible for conducting threat hunting operations, analyzing data from multiple sources to identify malicious activity, supporting detection and response efforts, and applying advanced analytical techniques to improve cyber defense operations.

Responsibilities

• Conduct proactive threat hunting to identify malicious activity, indicators of compromise, and anomalous behavior across the enterprise
• Analyze data from logs, sensors, endpoint detection and response (EDR) tools, and full packet capture (PCAP) sources to detect threats
• Apply threat hunting methodologies using MITRE ATT&CK and MITRE D3FEND frameworks
• Support detection, analysis, and response to cyber threats in coordination with SOC and incident response teams
• Perform analysis of TCP/IP traffic, intrusion detection system (IDS) data, malware activity, and adversary tactics, techniques, and procedures (TTPs)
• Use scripting and query tools to support threat analysis, data hunting, and development of analytical outputs
• Support development of threat hunting products, reporting, and recommendations to improve cyber defense detection and monitoring

• Experience:
  • Five (5) or more years of experience in data hunting, manipulation, and presentation
  • Management or team lead experience
  • Experience with MITRE ATT&CK and MITRE D3FEND
  • Experience analyzing TCP/IP, IDS data, PCAP, logs, and sensor data
  • Experience supporting malware analysis
  • Experience with Endpoint Detection and Response (EDR) tools
  • Experience with scripting or query languages including R, Python, PIG, HIVE, or SQL
• Education:
  • Bachelor’s Degree
  • (Bachelor’s Degree may be substituted with additional 4+ years of experience as approved by Government)
• Certifications:
  One of:
  • CISSP (Associate)
  • CCSP
  • SSCP
  • GCIH
  • GNFA
  • GCIA
• Plus one DoD 8570 CSSP certification in:
  • CSSP Analyst
  • CSSP Infrastructure Support
  • CSSP Incident Responder
• Clearance/Suitability: Secret (active), Top Secret, SCI Eligible

Work Environment

• Normal office conditions with potential to perform duties in deployed locations.
• Core hours of operation are Monday through Friday, 0600 – 1700.
• May be requested to work evenings and weekends to meet program and contract needs.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.