SOC Threat Hunter

Job Description

Everforth ECS is seeking a SOC Threat Hunter to work in our Portland, OR office. Please Note: This position is contingent upon contract award.

The Threat Hunter proactively identifies , investigates, and helps mitigate advanced cyber threats that may evade automated detection and traditional monitoring. This role develops threat hypotheses, analyzes endpoint, network, cloud, identity, and security event data, and conducts structured hunts to uncover suspicious behaviors, attacker techniques, and control gaps.

The ideal candidate has strong analytical skills, hands-on experience with security monitoring and investigation tools, and the ability to translate threat research into repeatable hunt procedures, detection improvements, and actionable findings for SOC, incident response, engineering, and threat intelligence stakeholders.

Key Responsibilities

Threat Hunting & Analysis

• Develop and execute hypothesis-driven hunts across enterprise, cloud, endpoint, identity, and network data sources
• Analyze anomalous behavior, suspicious activity, and attacker tactics, techniques, and procedures (TTPs)
• Use SIEM, EDR, network, log analytics, and threat intelligence tools to identify potential compromise or unauthorized activity
• Validate hunt findings, assess potential impact, and determine whether escalation to incident response or SOC operations is required
  
  

Detection Development & Improvement

• Translate hunt findings into detection logic, analytic requirements, alert tuning recommendations, and monitoring use cases
• Identify gaps in logging, visibility, correlation logic, and alert coverage
• Partner with SOC analysts, Splunk engineers, security engineers, and threat intelligence analysts to improve detection fidelity and coverage
• Support development of repeatable hunt playbooks, queries, dashboards, and analytic procedures
  
  

Threat Research & Intelligence Application

• Research emerging threats, adversary behaviors, malware trends, vulnerabilities, and exploitation techniques relevant to the environment
• Map threat activity and hunt hypotheses to recognized frameworks such as MITRE ATT&CK
• Incorporate threat intelligence into hunt planning, detection enhancement, and investigative workflows
• Provide feedback to threat intelligence teams on observed activity, intelligence gaps, and collection priorities
  
  

Investigation Support & Escalation

• Support advanced investigations by correlating security events, system activity, user behavior, and contextual data
• Document investigative steps, evidence, conclusions, and recommended follow-up actions
• Coordinate with SOC Tier 2 and Tier 3 analysts, forensics personnel, and incident response teams during escalations
• Assist with post-incident hunt activity to identify related indicators, lateral movement, persistence, or additional affected assets
  
  

Reporting & Continuous Improvement

• Produce clear hunt reports, summaries, findings, and recommendations for technical and leadership audiences
• Track hunt outcomes, recurring patterns, detection gaps, and operational metrics
• Contribute to continuous improvement of SOC processes, analytic standards, and knowledge management resources
• Stay current with adversary tradecraft, detection engineering practices, and security analytics techniques
  
  

Required Skills

• 5 years of experience in cybersecurity operations, threat hunting, incident response, detection engineering, security monitoring, or related roles
• Hands-on experience using SIEM, EDR, network security, endpoint telemetry, cloud logging, and/or log analytics platforms
• Strong understanding of adversary tactics, techniques, and procedures; common attack paths; and enterprise security controls
• Experience developing or using hunt hypotheses, detection logic, investigative queries, and analytic playbooks
• Ability to analyze large volumes of security data and distinguish suspicious activity from benign behavior
• Strong written communication skills, including the ability to document findings, evidence, and recommendations clearly
  
  

Desired Skills

• Experience with Splunk, EDR platforms, packet analysis, cloud security telemetry, identity logs, or scripting for data analysis
• Familiarity with MITRE ATT&CK, Cyber Kill Chain, NIST, or other cybersecurity frameworks
• Experience supporting SOC operations, incident response, malware analysis, forensics, or threat intelligence functions
• Knowledge of Windows, Linux, networking, authentication, cloud services, and common attacker tooling
• Certifications such as GCIH, GCIA, GCFA, GNFA, GREM, CISSP, CySA , Security , or equivalent experience
  
  

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven
  
  

Meet the challenge. Make a difference with Everforth ECS!