Cyber Threat Hunter
Company: Leidos
Location: Washington
Posted on: April 3, 2026
Job Description:
The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026. Our team provides mission-critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 – 1600), it will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES:
Hypothesis-Driven Hunting: Develop and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
Advanced Telemetry Analysis: Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
Detection Engineering Pipeline: Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
Automated Countermeasure Deployment: Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
APT Targeting & Engagement: Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
Indications & Warnings (I&W) Integration: Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
Tactical Reporting & Metrics: Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organization's security posture.
Situational Awareness: Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

BASIC QUALIFICATIONS:
Bachelor's Degree with 8 yrs of experience or Master's Degree with 6 yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days) (e.g., CompTIA Security, CySA, GSEC and SSCP) or (CASP CE, CCNP Security, CISA, GCED, and GCIH).
DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days) (e.g., CompTIA CySA, Cloud, GIAC Global Information Assurance Certification (GCIA)).
DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days) (e.g., CompTIA CySA, Cloud, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP).
Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.
Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.
Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS:
Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.
Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.
Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.
Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.
AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting: March 12, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $107,900.00 - $195,050.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Keywords: Leidos, Reston, Cyber Threat Hunter, IT / Software / Systems, Washington, Virginia