What are the responsibilities and job description for the Data Security Analyst II, Threat Hunter - Red Hat position at Neos Consulting Group?
Neos is seeking a Data Security Analyst II (Threat Hunter, Red Hat) for a contract role with our client in Austin, TX.
This position is Remote, outside of Austin
Local candidates will be Hybrid - 1 day per week in office, Wednesdays
located at 5500 E. Oltorf ST, Austin, TX 78741
Job Description
Data Security Analyst II – Threat Hunter (Red Hat / Linux)
Department: IT Enterprise Information Security
Location: Remote (outside Austin) or Hybrid (Austin, TX – one day onsite per week)
Position Overview
Position Summary
The Office of Attorney General (OAG) is seeking a highly skilled Threat Hunter with extensive Red Hat / Linux security experience to support proactive threat identification across OAG’s enterprise environment. This position will focus on analyzing security telemetry, investigating risk indicators, and conducting deep-dive threat hunting activities to determine whether suspicious behavior warrants escalation, containment, or policy updates.
The ideal candidate will combine hands-on investigative skill with ethical hacking / adversary simulation techniques to validate potential exposure paths and determine how an attacker could compromise systems. This individual will develop structured threat hunting playbooks and risk-based investigative procedures that can be operationalized and automated (in collaboration with Splunk/SIEM engineering resources).
HYBRID (AUSTIN) or REMOTE - CANDIDATES CURRENTLY RESIDING IN THE AUSTIN, TEXAS AREA OR IN U.S. NEED APPLY
Key Responsibilities
- Proactively hunt for threats by analyzing security telemetry and risk indicators across OAG’s enterprise environment, identifying suspicious activity, privilege misuse, persistence, and lateral movement.
- Lead deep-dive investigations in Red Hat / Linux (RHEL) environments by reviewing system logs, authentication activity, services, binaries, scheduled tasks, and network behavior to validate potential compromise.
- Partner with SIEM/Splunk engineering to implement and harden Copilot-driven Splunk workflows, including least-privilege access, secure data handling, logging/monitoring, and control validation to prevent data leakage or unintended exposure.
- Triage and assess risk severity to determine whether findings require escalation, containment, deeper investigation, or immediate mitigation actions.
- Conduct ethical hacking/adversary-based validation (within approved rules of engagement) to confirm exploitability, attack paths, and real-world impact to systems.
- Develop structured and repeatable threat hunting playbooks (signals, validation steps, evidence required, escalation triggers, and mitigation actions) and translate findings into detection requirements.
- Partner with SIEM/Splunk engineering to operationalize and automate playbooks into Splunk workflows, alerts, and response processes.
- Recommend security control enhancements and policy updates based on investigation outcomes, and document findings in a clear, defensible format for leadership and technical teams.
Qualifications
- 6 years of experience in threat hunting, incident response, or security investigations in an enterprise security environment.
- 6 years of extensive hands-on experience with Red Hat / Linux security (RHEL preferred).
- 3 years of experience supporting environments that include hybrid infrastructure (cloud and on-prem).
- 1 year of experience enabling and securing AI-driven SOC workflows, including Microsoft Copilot integration with SIEM platforms (Splunk preferred), with a focus on least-privilege access, data governance, auditability, and secure implementation patterns.
- Proven ability to analyze system-level telemetry and determine real risk vs noise.
- Strong experience performing deep investigative analysis and making escalation recommendations.
- Demonstrated experience with ethical hacking / adversary simulation and understanding how compromise occurs.
- Ability to develop structured playbooks and investigative procedures for repeatable threat hunting.
- Experience partnering with SIEM/Splunk teams to operationalize detection logic and automation.
- Familiarity with common attacker techniques (MITRE ATT&CK mapping experience preferred).
- Certifications are a plus (examples: Security+, CEH, OSCP, GIAC), but hands-on capability matters most.