Cyber Threat Hunter

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

Top Secret/SCI

Clearance Level Must Be Able to Obtain:

Top Secret/SCI

Public Trust/Other Required:

None

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Cyber Operations, Cyber Threat Analysis, Cyber Threat Hunting, Cyber Threat Intelligence, Cyber Threat Prevention

Certifications:

None

Experience:

3 + years of related experience

US Citizenship Required:

Yes

Job Description:

Advance your career while impacting our national security in cyber as an Information Security Analyst Senior at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.

MEANINGFUL WORK AND PERSONAL IMPACT

The Cyber Threat Hunter is responsible for proactively identifying, analyzing, and mitigating advanced cyber threats targeting enterprise, on-prem, cloud, and mission systems. This role leverages threat intelligence, behavioral analytics, hypothesis-driven hunting, adversary tactics/techniques/procedures (TTPs), and automation to detect malicious activity not identified by traditional security controls. Provide continuous monitoring of alert queues, triage security events, and monitor the health of data sources related to security sensors and endpoint security agents.

The ideal candidate possesses deep expertise in threat hunting methodologies, cyber threat intelligence (CTI), log analytics, scripting, cloud security, and SIEM technologies such as Splunk ES and Elastic. This role supports defensive cyber operations across on-premises, hybrid, and cloud environments.

WHAT YOU’LL NEED TO SUCCEED
Bring your cyber expertise and drive for innovation to GDIT. The Information Security Analyst Senior must have:
 

Threat Hunting Operations

• Conduct proactive and reactive threat hunts across enterprise networks, endpoints, servers, and cloud environments.

• Develop and execute hypothesis-based hunts using known adversary TTPs.

• Identify stealthy, persistent, or anomalous activity missed by automated detections.

• Pivot across multiple data sources to validate suspicious indicators.

Cyber Threat Intelligence (CTI)

• Leverage internal and external CTI feeds to enrich hunting operations.

• Translate intelligence reports into hunt hypotheses and detections.

• Analyze nation-state, criminal, and insider threat activity.

• Map adversary behavior to MITRE ATT&CK framework.

SIEM / Log Analytics

• Utilize Splunk or Elastic SIEM for advanced correlation searches, dashboards, detections, and threat investigations.

• Correlate logs from firewalls, EDR, DNS, authentication, proxy, cloud, and network sources.

• Tune detections to reduce false positives and improve fidelity.

Cloud Security Hunting

• Perform hunts within cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud.

• Analyze cloud control plane logs, IAM activity, API abuse, storage misuse, and lateral movement.

• Hunt for persistence techniques in SaaS / IaaS / PaaS environments.

Automation & Engineering

• Develop scripts and automations to accelerate hunting and investigations.

• Build repeatable hunt playbooks and workflows.

• Integrate tools using APIs, SOAR, or custom automation.

• Automate enrichment of indicators and triage processes.

Incident Response Support

• Provide advanced analytical support to Incident Response teams.

• Validate indicators of compromise (IOCs)

• Support containment and eradication during active incidents.

● Security clearance level: TS/SCI Required

● US citizenship required

● Role requirements:

• Technical Training, Certification(s) or Degree, or additional years in lieu of degree

• 4+ years cybersecurity experience with 2+ years in threat hunting, SOC, IR, or CTI.

• Experience in DoW, Intelligence Community, or federal cyber environments preferred.

• Strong experience with Splunk or other SIEM platforms.

• Strong knowledge of CTI lifecycle and intelligence-driven defense.

• Experience creating hunt hypotheses and conducting structured hunts.

• Deep understanding of Windows, Linux, Active Directory, networking, and DNS.

• Knowledge of tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance and ForeScout as duties performing cyber incident response and analysis.

• Familiarity with malware behavior and attacker tradecraft.

• Experience with cloud technologies (AWS, Azure, GCP).

Experience with one or more:

Ability to write or understand code in one or more:

• Python

• PowerShell

• Bash

• SQL

• Kusto Query Language

• JSON / YAML / Regex parsing

Compliance / Certifications

• DoD 8570 / 8140 compliant certification preferred such as:

• CompTIA Security+

• CySA+

• CASP+

• GIAC (GCIH, GCFA, etc.)

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Community: Award-winning culture of innovation and a military-friendly workplace

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.

The likely salary range for this position is $97,750 - $132,250. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

10-25%

Telecommuting Options:

Onsite

Work Location:

USA NC Fort Bragg

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans