Job Description

Stondoh Secure Digital Solutions is seeking a Cyber Threat Hunt & Forensics Analyst to:

• Ingest and analyze multi-source threat intelligence, including adversary research and MITRE ATT&CK–mapped Tactics, Techniques, and Procedures (TTPs) , to understand relevant and emerging threats.

• Develop and refine threat hypotheses based on intelligence, environmental context, and observed behavioral patterns.

• Conduct proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets to identify malicious, suspicious, or anomalous activity that evades existing security controls.

• Apply deep technical knowledge of network protocols, services, and operating system internals to analyze telemetry, validate hypotheses, and differentiate benign from malicious behavior.

• Analyze adversary tradecraft across email, application, cloud, and operating system environments to improve behavioral understanding and detection strategy.

• Identify detection gaps and recommend improvements to hunting techniques, analytics, and security monitoring based on hunt outcomes.

• Perform forensics and malware analysis , as needed, to validate threat hunting findings and extract supporting Indicators of Compromise (IOCs), including support for forensic evidence preservation when required.

Salary Range: $107,000 – $135,000

Retirement Benefits: 401(k) with 3% Safe Harbor + 3% Employer Match

Clearance Required: Active Secret

(Non-SCIF role; occasional secure facility access as needed)

Required Skills

• Strong written and verbal communication skills to clearly document findings and communicate technical conclusions.

• Ability to apply threat intelligence , including MITRE ATT&CK, to understand adversary behavior and inform hypothesis-driven hunting.

• Proficiency in proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets.

• Ability to develop and refine detections and analytics based on observed adversary behavior and hunt outcomes.

• Strong understanding of attacker tradecraft across email, application, and cloud-based threat vectors.

• Advanced knowledge of networking fundamentals (TCP/IP, DNS, SMTP, DHCP) to analyze telemetry and network activity.

• Advanced knowledge of operating system internals and security mitigations across major platforms (Windows, Linux, macOS, mobile).

Desired Skills

• Experience performing digital forensics on network, host, or memory artifacts to validate threat hunting findings.

• Experience analyzing malware or anomalous code to determine malicious intent and functionality.

• Experience using forensic tools such as EnCase, Sleuthkit, or FTK.

• Experience preserving and handling digital evidence , including maintenance of chain of custody.

• Scripting or automation experience (e.g., Python, PowerShell, Bash ) to support hunting workflows.

• Experience using SIEM platforms and query languages (e.g., Splunk, Sentinel).

• Experience producing threat intelligence products , including written reports or briefings.

Desired Certifications / Experience

• Bachelor's degree or higher.

• 7+ years of experience performing cyber threat hunting and supporting forensic analysis in support of enterprise or government incident response.

Position Responsibilities

• Analyze threat intelligence and adversary frameworks (including MITRE ATT&CK and the Azure Threat Research Matrix ) to identify relevant tactics, techniques, gaps, and detection shortfalls.

• Plan and execute intelligence-driven and hypothesis-based cyber threat hunts across enterprise environments.

• Research and correlate large datasets and telemetry to uncover novel attack techniques, track adversary tradecraft, and investigate security alerts.

• Design, develop, and enhance cloud-native threat detections and analytics , including support for automated detection capabilities.

• Apply structured methodologies (e.g., Agile) to organize threat hunting activities, intelligence analysis, and reporting of outcomes.

• Analyze logs and supporting artifacts to validate threat hunting findings and determine adversary activity and scope.

• Perform digital forensics and evidence handling , as required, including creation of forensically sound copies and preservation of chain of custody, and produce clear technical reporting.

This is a full-time position supporting a U.S. Government civilian agency and is available immediately for a qualified candidate with the appropriate technical expertise and an active Secret clearance.

Job Tags

Similar Jobs