Senior Threat Hunter
Revolutional · Chandler, AZ · 1 wk ago
On-siteInformation TechnologyFull-time
Responsibilities
- Proactively hunt for APTs, adversary TTPs, and indicators of compromise across network flow, PCAP, logs, endpoint telemetry, and sensor data
- Develop, execute, and document reusable hunt tactics, techniques, and procedures that can be operationalized across the security program
- Build and maintain SIEM queries, alerts, dashboards, and reports to support hunt operations and improve detection coverage
- Write scripts in Python, R, SQL, PIG, HIVE, or equivalent languages to automate data collection, manipulation, and analysis workflows
- Develop algorithms to analyze complex data structures and identify anomalous patterns indicative of adversary activity
- Apply MITRE ATT&CK and D3FEND frameworks to structure hunt hypotheses, map adversary behavior, and recommend defensive improvements
- Conduct complex malware analysis to understand adversary tools, identify encoding techniques (XOR, Base64, ASCII, Unicode, URL encoding, Uuencode), and extract actionable IOCs
- Leverage EDR solutions to investigate endpoint activity, identify suspicious behavior, and support hunt and incident response workflows
- Interpret and fuse data from multiple tool sources into coherent hunt findings and threat assessments
- Produce clear, well-structured hunt reports and briefings for audiences ranging from technical analysts to executive leadership
- Develop, update, and maintain standard operating procedures and technical documentation for hunt operations
- Manage hunt projects and tasks against tight deadlines; provide team leadership and mentorship as needed
- Stay current on adversary tactics, trends, and emerging threat vectors relevant to the federal enterprise environment
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field; may be substituted with 4 or more additional years of qualifying experience
- 5 or more years of experience in data hunting, manipulation, and presentation in a security operations or threat intelligence context
- Experience in a management or team lead capacity, managing projects and tasks against tight deadlines
- Active Secret clearance; Top Secret/SCI eligibility required
- Scripting proficiency in one or more of: Python, R, SQL, PIG, HIVE, or equivalent languages for data analysis and workflow automation
- Proficiency with SIEM platforms: search language, query development, alert tuning, dashboard creation, and report building
- Knowledge of MITRE ATT&CK and D3FEND frameworks and their practical application to hunt operations and defensive recommendations
- Solid understanding of the TCP/IP networking stack and network intrusion detection technologies
- Experience with complex malware analysis and identification of common encoding techniques including XOR, Base64, ASCII, Unicode, URL encoding, and Uuencode
- Hands-on experience with EDR solutions for endpoint visibility and threat investigation
- Experience creating reusable hunt tactics and techniques that can be operationalized across a security program
- Current knowledge of cyber adversary tactics, trends, and the evolving federal threat landscape
Core Strengths
- Proactive and intellectually curious — you hunt because you assume the adversary is already in, and you don’t stop until you’ve proved otherwise
- Strong analytical and data skills; you find signal in noise and can explain what you found and why it matters
- Effective communicator across audiences — from technical write-ups to executive briefings, your findings land clearly
- Disciplined operator who builds repeatable processes, documents work thoroughly, and raises the capability of the team around you