Posted 4d ago

CBO - Tier 3 / Threat Hunter

@ cFocus Software
Washington, District of Columbia, United States
Remote, Full Time
Responsibilities: Threat hunting, incident investigations, develop detection
Requirements Summary: Active Public Trust clearance; BS in Computer Science, Information Technology, or related field; 7+ years in cybersecurity operations, threat hunting, or incident response; strong experience with Microsoft Sentinel, Kusto (KQL), and Defender XDR; cloud and log analysis; MITRE ATT&CK knowledge; forensics and malware analysis; 24x7 SOC experience; relevant certifications preferred.
Technical Tools Mentioned: Microsoft Sentinel, Kusto Query Language (KQL), Microsoft Defender, AWS, MITRE ATT&CK, Forensics, Malware analysis
Job Description
cFocus Software seeks a Tier 3 / Threat Hunter to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.

Qualifications:
  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 7+ years of experience in cybersecurity operations, threat hunting, or incident response
  • Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
  • Hands-on experience with Microsoft Defender XDR (Endpoint, Identity)
  • Experience analyzing logs across cloud (AWS), network, and endpoint environments
  • Strong knowledge of MITRE ATT&CK framework and adversary techniques
  • Experience with digital forensics and malware analysis
  • Ability to conduct root cause analysis and develop remediation strategies
  • Experience working in 24x7 SOC environments
  • Preferred certifications include, but are not limited to:
    • GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
    • Microsoft Sentinel or Microsoft security platform certifications
    • Relevant cloud security certifications (e.g., AWS security)
    • Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Duties:
  • Conduct proactive threat hunting across identity, endpoint, network, and cloud telemetry
  • Lead advanced incident investigations including root cause analysis and forensic analysis
  • Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
  • Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
  • Analyze logs from Microsoft Defender (Endpoint, Identity), AWS, firewalls, VPNs, and other sources
  • Support incident containment, eradication, and recovery activities
  • Develop and improve threat hunting hypotheses based on intelligence and trends
  • Validate and refine detection use cases and monitoring capabilities
  • Support red team / purple team exercises and adversary emulation
  • Produce detailed incident reports, including timelines and remediation recommendations
  • Identify security gaps and recommend mitigation strategies
  • Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes