Threat Hunter @ShorePoint
AI / ML
Salary unspecified
Remote Location
USA Only
Job Type other
Posted 2d ago

[Hiring] Threat Hunter @ShorePoint

2d ago - ShorePoint is hiring a remote Threat Hunter. Salary: unspecified. Location: USA.

Role Description

We are seeking a Threat Hunter to support and enhance our 24/7 Security Operations Center. This role combines advanced threat detection, incident investigation, and threat hunting with hands-on development of SIEM use cases, automation, and analytics to identify and respond to sophisticated threats, including lateral movement. The ideal Threat Hunter brings strong investigative expertise and a builder mindset to continuously improve detection capabilities and strengthen overall SOC effectiveness.

What you'll be doing:

  • Provide first-line SOC support, including alert monitoring, triage, routing, escalation, and response across 24x7x365 operations.
  • Monitor, analyze, and investigate security events, network traffic, and host-based detections, distinguishing malicious activity from false positives.
  • Perform proactive and creative threat hunting and anomaly detection across SIEM and security tools, identifying patterns, lateral movement, and emerging threats.
  • Conduct incident investigation, Cyber Threat Assessment, and Remediation Analysis, including processing and correlating incident indicators with threat intelligence.
  • Tune and develop SIEM correlation rules and detection logic and rapidly build detection use cases in collaboration with incident response (IR) teams.
  • Develop and maintain scripts and tools (Python, Bash) to automate SOC and IR functions, including Indicator of Compromise (IoC) ingestion, log processing, and SIEM integrations via APIs.
  • Research, develop, and maintain dashboards, visualizations, and analytics to support detection, reporting, and SOC performance monitoring.
  • Produce, review, and maintain documentation and reporting, including cybersecurity briefings, metrics, incident reports, and deliverables for stakeholders at all levels, ensuring alignment with editorial standards and government specifications.
  • Support threat intelligence operations, including reviewing and actioning IoCs and translating intelligence into actionable detections.
  • Coordinate with internal teams and stakeholders to support engagements such as Insider Threat, Rule of Engagement (ROE), threat hunting, testing activities, and after-action reporting.
  • Support SOC operations processes, including ticket tracking, customer security assessments, ad hoc investigations, tabletop exercises, and lessons learned activities.
  • Contribute to continuous SOC improvement by enhancing detection capabilities, processes, communication, and overall operational effectiveness; participate in on-call rotation.

Qualifications

  • Deep understanding of cyber threat TTPs, threat hunting methodologies, and application of the MITRE ATT&CK framework.
  • Experience supporting 24x7x365 SOC operations, including alert monitoring, triage, analysis, response, and review/action of threat intelligence and reported incidents.
  • Ability to manage multiple alerts and tickets in parallel, perform end-to-end triage through resolution, and appropriately prioritize response actions including coordination with end-users.
  • Strong experience analyzing and correlating security events across a multi-source ecosystem, including endpoint, network, and email security tools, SIEM platforms, and federal threat intelligence (e.g., CISA).
  • Demonstrated proficiency with enterprise security tools and platforms, including but not limited to FireEye, Elastic, Sourcefire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud, Cisco IronPort, Bluecoat, Palo Alto, Cylance, and OSSEC.
  • Hands-on experience with enterprise SIEM or security analytics platforms (e.g., Elastic Stack, Splunk), including log analysis, event correlation, and detection support.
  • Experience with malware analysis and understanding of attack vectors involving malware, data exposure, phishing, and social engineering techniques.
  • Experience developing and maintaining SOPs, performing event timeline analysis, and investigating logs across Windows/Linux environments and network security devices.

Requirements

  • 5+ years of technical experience.
  • Ability to support working hours: 8:45 AM - 5:15 PM Eastern Time.
  • Ability to participate in a rotating SOC on-call; rotation is based on number of team members.
  • Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, CrowdStrike, FireEye ETP, Elastic Kibana.
  • Solid understanding and experience analyzing security events generated from security tools and devices such as: Carbon Black, CrowdStrike, FireEye, Palo Alto, Cylance, and OSSEC.

Beneficial to have:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering, or a related field.
  • One or more of the following certifications: GIAC (GCIH, GCFE, GCFA, GREM, GNFA, GCTI, GPEN, GWAPT), CEPT, CASS, CWAPT, or CREA.

Benefits

  • 144 hours of PTO.
  • 11 holidays.
  • 85% of insurance premium covered.
  • 401k.
  • Continued education, certifications maintenance, and reimbursement.
  • More benefits available.

Where it's done:

Remote (Herndon, VA)
