What are the responsibilities and job description for the AOUSC - Threat Hunt Lead position at cFocus Software Incorporated?
cFocus Software seeks a Threat Hunt Lead to join our program supporting the Administrative Office of the United States Courts (AOUSC). This position is Hybrid with the onsite location being in Washington, DC. This position requires a Public Trust clearance.
Qualifications:
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5 years within IR in a large SOC (over 5,000 endpoints) with at least 3 years focused on proactive threat hunting or adversary emulation.
- 3 years of experience with demonstrated proficiency in forming hypothesis, querying large datasets and identifying APT behavior.
- 2 years’ experience with demonstrated proficiency in scripting languages including Python and PowerShell to develop new tools.
- This role most closely aligns with the NICE work role PD-WRL-006 (Threat Analysis).
- Active OSCP or GXPN certification
- Lead proactive threat hunting operations to identify Advanced Persistent Threats (APT), insider threats, malicious activity, and anomalous behaviors that evade traditional security controls.
- Develop and execute hypothesis-driven threat hunts leveraging threat intelligence, adversary tactics, techniques, and procedures (TTPs), behavioral analytics, and anomalous telemetry.
- Coordinate threat hunt activities within Agile two-week sprint cycles and ensure successful execution of all assigned hunt objectives and deliverables.
- Develop Threat Hunt Execution Plans that define hunt hypotheses, objectives, technical methodologies, required telemetry, and investigative procedures.
- Analyze endpoint, network, cloud, identity, SIEM, EDR, and log telemetry to identify indicators of compromise (IOCs), suspicious activity, and attack patterns.
- Coordinate and escalate confirmed or suspected findings to the Cybersecurity Triage and Incident Response teams in accordance with the Judiciary SOC Incident Response Plan (JSOCIRP).
- Collaborate with Detection Engineering teams to identify and remediate logging, telemetry, detection, or visibility gaps discovered during threat hunting operations.
- Work closely with Cyber Threat Intelligence teams to operationalize intelligence, enrich investigations, and identify emerging threats impacting the Judiciary.
- Conduct advanced analysis of threat actor behaviors, malware campaigns, phishing activity, suspicious infrastructure, and attack trends.
- Develop detailed Threat Hunt Reports documenting hunt objectives, findings, TTPs, queries used, telemetry gaps, identified risks, and recommendations for improved detections.
- Produce executive-level Hunt Sprint Reports summarizing hunt activities, operational impacts, recommendations, and emerging cybersecurity risks.
- Provide real-time investigative support during cybersecurity incidents and high-priority threat investigations.
- Perform analysis utilizing Splunk Enterprise Security, Microsoft Sentinel, Splunk SOAR, CrowdStrike, Qualys, ServiceNow, Jira, and other AO-approved security platforms.
- Support the development and refinement of threat models tailored to Judiciary systems, high-value assets, and mission-critical environments.
- Develop and maintain threat hunting SOPs, playbooks, technical procedures, and investigative methodologies aligned with AO and federal cybersecurity standards.
- Support enterprise security awareness initiatives through threat briefings, technical reporting, and operational presentations.
- Participate in weekly technical meetings, operational reviews, and status briefings with AO leadership and federal stakeholders.
- Provide mentorship, technical guidance, and quality oversight to threat hunters and supporting analysts.
- Support transition-in and transition-out activities, operational readiness, documentation development, and knowledge transfer activities.
- Drive continuous improvement initiatives focused on detection coverage, telemetry enrichment, operational efficiency, and threat hunting maturity.