Cyber Threat Hunt Lead

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

**This position is contingent upon contract award**

SOSi is seeking highly qualified senior professionals to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. These roles deliver leadership, operational oversight, and technical expertise across cyber defense, incident response, intelligence, engineering, and modernization activities.

Job Description

Leads hypothesis-driven threat hunting across enterprise environments, leveraging CTI to define TTP-focused hunts and collaborating with detection engineering, IR, and asset owners to validate and remediate findings.

Responsibilities

• Plan and execute TTP-based hunts; pivot across host/network telemetry to discover unknown threats.
• Develop/interpret detections and analytics, coordinate remediation with asset owners and IR.
• Work with the Cyber Threat Intelligence team to report significant findings of importance to leadership as well as coordinate with asset owners to deconflict findings.
• Lead the Cyber Threat Hunt team to propose corrective actions and inform the necessary parties of security issues, reportable offenses, or cybersecurity best practices.

• Experience:• Five (5) years' experience as a Tier III senior cyber threat hunt analyst performing threat analysis, technical analysis, and network asset traversal.
• Five (5) years of hands-on experience with experience in the last two (2) years that includes network-based security monitoring using cybersecurity capabilities.
• Possess a strong cyber security background with experience in host and network-based forensics related to the identification of advanced cyber threat activities, intrusion detection, malware identification, and security content development (e.g., signatures, rules, etc.).
• Experience interpreting scripts to support cyber threat detection in a variety of formats, such as VB scripts, Python, C++, and HTML, XML or other types needed for analysis.
• Experience in conducting cyber threat hunt analysis, utilizing cyber threat intelligence to identify and prioritize tactics, techniques, and procedures to hunt against.
• Deep knowledge of capabilities and experience with Security Information and Event Management (SIEM) and networked-device management tools such as Splunk and Tanium.
• Experience in maintaining a comprehensive understanding of the cyber threat landscape, including identifying and analyzing cyber threats actors and activities to enhance cybersecurity posture of the organization’s IT operating environment.

• Certifications: CISSP
• Clearance: TS, SCI-eligible.

Work Environment

• Normal office conditions with potential to perform duties in various CONUS locations.
• Core hours of operation are Monday through Friday, 0600 – 1700.
• May be requested to work evenings and weekends to meet program and contract needs.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.