Cyber Threat Hunter

The Leidos Digital Modernization sector is looking for a Cyber Threat Hunter to support a Defensive Cyber Operations (DCO) team in Washington, DC. This position is expected to become available in Summer 2026.

Our team provides mission critical, 24/7 operational support to the customer's mission of protecting federal networked systems and services from cyber threats impacting national security. This hybrid position is primarily on-site, with potential for up to 20% telework. While this position will primarily work during core hours (0600 - 1600), this position will be supporting a team of analysts working 24/7 rotating shifts (days, swings, nights). As such, occasional shift work or weekend work may be required to fill unexpected gaps in coverage.

PRIMARY RESPONSIBILITIES

• Hypothesis-Driven Hunting: Develop and execute structured hunt campaigns by forming theories on adversary persistence and lateral movement based on the latest TTPs.
• Advanced Telemetry Analysis: Query and correlate massive datasets across cloud resources, identity systems, and network infrastructure to identify "low and slow" attacks that evade automated detection.
• Detection Engineering Pipeline: Partner with detection teams to transform manual hunt discoveries into high-fidelity, automated detection rules (SIEM/EDR).
• Automated Countermeasure Deployment: Design and maintain automation scripts to scale threat mitigation and isolate compromised assets at machine speed.
• APT Targeting & Engagement: Utilize the MITRE ATT&CK framework to proactively search for Advanced Persistent Threat (APT) activity, assuming a "breach mentality" to uncover hidden adversaries.
• Indications & Warnings (I&W) Integration: Analyze internal and external telemetry to identify early triggers and "smoke" that signal an imminent or ongoing compromise.
• Tactical Reporting & Metrics: Author detailed technical hunt reports summarizing findings, operational gaps, and measurable improvements to the organizations security posture.
• Situational Awareness: Maintain a deep understanding of the current threat landscape, focusing on how new vulnerabilities or malware variants could be exploited within the customer enterprise.

BASIC QUALIFICATIONS

• Bachelor's Degree with 8+ yrs of experience or Master's Degree with 6+ yrs of relevant experience; additional years of experience may be substituted in lieu of degrees.
• DoD 8570 IAT Level II/III: Must hold an IAT Level II or higher certification (or obtain within 180 days). (e.g., CompTIA Security +, CySA+, GSEC and SSCP) or (CASP+ CE, CCNP Security, CISA, GCED, and GCIH)
• DoD 8570 CSSP Analyst: Must hold a CSSP Analyst certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, GIAC Global Information Assurance Certification (GCIA))
• DoD 8570 CSSP Infrastructure Support: Must hold a CSSP Infrastructure Support certification (or obtain within 180 days). (e.g., CompTIA CySA+, Cloud+, EC-Council CEH, CND, CHFI, GIAC GICSP, and ISC2 SSCP)
• Technical Proficiency: Expert knowledge of networking protocols (TCP/IP, DNS, HTTP/S) and common security elements like IDS/IPS and next-gen firewalls.
• Data Analysis: Direct experience analyzing complex packet captures and endpoint logs to reconstruct attack timelines.
• Security Clearance: Current DoD TS/SCI security clearance and ability to pass additional customer suitability screenings prior to start and maintain throughout employment.

PREFERRED SKILLS

• Hunt Methodology: Demonstrated experience planning and executing hunt missions in complex, hybrid-cloud environments.
• Query Languages: Expert proficiency in SPL (Splunk), KQL (Kusto), or DSL (Elastic) for large-scale data mining.
• Scripting for Security: Advanced use of Python, PowerShell, or Bash to automate repetitive hunt tasks and data enrichment.
• Forensic Insight: Previous experience in Digital Forensics or Incident Response (DFIR) to assist in root-cause analysis.
• Cloud Infrastructure: Familiarity with hunting within AWS, Azure, O365, and containerized workloads.
• AI-Enhanced Defense: Experience using AI-driven analytics to sift through noise and identify anomalous behavioral patterns.

About Leidos

If youre looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. Were already at step 30 - and moving faster than anyone else dares.

Original Posting

March 12, 2026

For U.S. Positions

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range

Pay Range: $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.