Cyber Threat Hunt Lead

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunt Lead to support a Defensive Cyber Operations (DCO) team in Washington, DC.

Our team provides mission critical, 24/7 operational support to the customer’s mission of protecting federal networked systems and services from cyber threats impacting national security.  We are looking for a self-starter who is capable of independently performing their daily tasks, but also works well within a team that requires significant coordination and communication.

This is a hybrid position with the potential for 25% remote / 75% on-site shifts.  While this position will primarily work normal business hours, this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights).  As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:

• Author and deploy novel countermeasures to eliminate threats and illuminate their activities.
• Perform Countermeasures Management Activities – Track and manage implementation and assess the effectiveness of countermeasures on an ongoing basis and revector actions as needed.
• Design and develop solutions to deliver automated cybersecurity services, conduct agile development & maintenance of automation script/tools to scale cybersecurity work across the enterprise.
• Maintain situational awareness of cyber activity by reviewing DoD, Intelligence Community and open-source reporting for new vulnerabilities, malware or other threats that have the potential to impact the customer enterprise.
• Monitor network/hosts/application security devices and support CSSP in providing detect, response, mitigation and recovery capabilities.
• Conduct and support Indications & Warnings intelligence process to Collect & Analyze information, Develop Collection and Analysis Strategies and, Report time-sensitive information supporting real world hunt and DCO operations.
• Perform Hunt Activities by utilizing advanced cyber analytics to mitigate the risk of Advanced Persistent Threats (APT) to the customer network through the implementation of a framework and proves to target, engage and respond to an APT adversary through an intelligence driven defense model.
• Provide recommendations for improvement in Training, Metrics, Governance and Knowledge Management.

BASIC QUALIFICATIONS:

• Bachelor's Degree and 8+ yrs of experience or Master’s Degree and 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees, including experience leading a team or effort.
• Must have a DoD 8570 IAT Level II (or Level III) Certification (e.g. Sec+ CE)
• Must have a DoD 8570 CSSP Analyst Certification (e.g. CEH), OR able to obtain one within 180 days of starting.
• Must have a DoD 8570 CSSP Infrastructure Support Certification (e.g. CEH, CySA+, SSCP), OR able to obtain one within 180 days of starting. 
• Must have strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.
• Must have experience analyzing packet captures.
• Must be able to pass additional customer suitability screenings/processing prior to start.
• Current DoD TS/SCI security clearance.

PREFERRED SKILLS:

• Demonstrated expertise in network and host-based analysis and investigations
• Experience planning and executing threat hunt missions.
• Demonstrated understanding of complex enterprise networks to include routing, switching, firewalls, proxies, and load balancers.
• Expertise working with Windows and Linux based systems.
• Proficiency with scripting languages such as Python and PowerShell.
• Demonstrated familiarity with Splunk Processing Language (SPL), Elastic Domain Specific Language (DSL) and/or Kusto Query Language (KQL).
• Experience working with various technologies and platforms such as AWS, Azure, O365, containers, etc.
• Demonstrated understanding of current  threat landscape, tactics used by adversaries and methodology used to investigate, analyze, mitigate and recover from attacks.
• Previous experience as a member of a hunt team.

Original Posting Date:2025-02-24

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:Pay Range $104,650.00 - $189,175.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.