Cyber Threat Hunt & Forensics Analyst Job at Stondoh Secure Digital Solutions, Washington State

  • Stondoh Secure Digital Solutions
  • Washington State

Job Description

Stondoh Secure Digital Solutions is seeking a Cyber Threat Hunt & Forensics Analyst to:

  • Ingest and analyze multi-source threat intelligence, including adversary research and MITRE ATT&CK–mapped Tactics, Techniques, and Procedures (TTPs), to understand relevant and emerging threats.

  • Develop and refine threat hypotheses based on intelligence, environmental context, and observed behavioral patterns.

  • Conduct proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets to identify malicious, suspicious, or anomalous activity that evades existing security controls.

  • Apply deep technical knowledge of network protocols, services, and operating system internals to analyze telemetry, validate hypotheses, and differentiate benign from malicious behavior.

  • Analyze adversary tradecraft across email, application, cloud, and operating system environments to improve behavioral understanding and detection strategy.

  • Identify detection gaps and recommend improvements to hunting techniques, analytics, and security monitoring based on hunt outcomes.

  • Perform forensics and malware analysis, as needed, to validate threat hunting findings and extract supporting Indicators of Compromise (IOCs), including support for forensic evidence preservation when required.

Salary Range: $107,000 – $135,000

Retirement Benefits: 401(k) with 3% Safe Harbor + 3% Employer Match

Clearance Required: Active Secret

(Non-SCIF role; occasional secure facility access as needed)

Required Skills

  • Strong written and verbal communication skills to clearly document findings and communicate technical conclusions.

  • Ability to apply threat intelligence, including MITRE ATT&CK, to understand adversary behavior and inform hypothesis-driven hunting.

  • Proficiency in proactive cyber threat hunting across enterprise networks, endpoints, cloud environments, and log datasets.

  • Ability to develop and refine detections and analytics based on observed adversary behavior and hunt outcomes.

  • Strong understanding of attacker tradecraft across email, application, and cloud-based threat vectors.

  • Advanced knowledge of networking fundamentals (TCP/IP, DNS, SMTP, DHCP) to analyze telemetry and network activity.

  • Advanced knowledge of operating system internals and security mitigations across major platforms (Windows, Linux, macOS, mobile).

Desired Skills

  • Experience performing digital forensics on network, host, or memory artifacts to validate threat hunting findings.

  • Experience analyzing malware or anomalous code to determine malicious intent and functionality.

  • Experience using forensic tools such as EnCase, Sleuthkit, or FTK.

  • Experience preserving and handling digital evidence, including maintenance of chain of custody.

  • Scripting or automation experience (e.g., Python, PowerShell, Bash) to support hunting workflows.

  • Experience using SIEM platforms and query languages (e.g., Splunk, Sentinel).

  • Experience producing threat intelligence products, including written reports or briefings.

Desired Certifications / Experience

  • Bachelor's degree or higher.

  • 7+ years of experience performing cyber threat hunting and supporting forensic analysis in support of enterprise or government incident response.

Position Responsibilities

  • Analyze threat intelligence and adversary frameworks (including MITRE ATT&CK and the Azure Threat Research Matrix) to identify relevant tactics, techniques, gaps, and detection shortfalls.

  • Plan and execute intelligence-driven and hypothesis-based cyber threat hunts across enterprise environments.

  • Research and correlate large datasets and telemetry to uncover novel attack techniques, track adversary tradecraft, and investigate security alerts.

  • Design, develop, and enhance cloud-native threat detections and analytics, including support for automated detection capabilities.

  • Apply structured methodologies (e.g., Agile) to organize threat hunting activities, intelligence analysis, and reporting of outcomes.

  • Analyze logs and supporting artifacts to validate threat hunting findings and determine adversary activity and scope.

  • Perform digital forensics and evidence handling, as required, including creation of forensically sound copies and preservation of chain of custody, and produce clear technical reporting.

This is a full-time position supporting a U.S. Government civilian agency and is available immediately for a qualified candidate with the appropriate technical expertise and an active Secret clearance.

Job Tags

Full time, Immediate start