Own your opportunity to serve as a critical component of our nation’s safety and security. Make an impact by using your expertise to protect our country from threats.
The Threat Hunt Lead is responsible for overseeing all cyber threat hunt, adversary analysis, malware analysis, and digital forensics mission activities under an upcoming government contract. Hunts will include operations within sensitive environments such as Operation Technology (OT), Industrial Control Systems (ICS) and other Critical Infrastructure (CI) networks.
The successful leader directs multidisciplinary hunt and forensic teams providing full spectrum detection, analysis, and response capabilities that enable federal stakeholders to identify, understand, and counter sophisticated cyber threats across federal, State Local Tribal and Territorial (SLTT), commercial, critical infrastructure, and cloud environments.
The Threat Hunt Lead ensures continuous detection of adversary behavior, manages simultaneously deployed hunt operations, oversees advanced malware and forensics workflows, and delivers high quality analytic products that inform national cyber defense actions. The role maintains readiness of personnel, tools, and flyaway kits to support rapid, remote, or onsite engagements.
Key Responsibilities
Adversary, Malware, and Forensics Analysis Oversight
Oversee simultaneously deployed hunt operations teams performing adversary tool analysis, including dynamic and static malware analysis and full reverse engineering of binaries, scripts, malicious documents, and artifacts to determine functionality, behavior, and command and control mechanisms.
Ensure simultaneously deployed teams develop custom scripts, tools, and analytic methods to identify, characterize, and visualize adversary techniques across hunt, malware, and forensics workflows within both established and a-typical cyber environments e.g., OT/ICS environments, commercial environments
Thread Hunt Operations Management
Oversee full spectrum hunt and incident response engagements, onsite and/or remote, ensuring simultaneously deployed teams identify threats, assess impact, and recommend remedial actions to local stakeholders.
Direct continuous analysis of established and a-typical cyber defense sensor data, endpoint activity, network flows, cloud telemetry, and communications data to detect adversarial behavior and anomalous activity.
Ensure simultaneously deployed hunt teams maintain continuous awareness of emerging attack techniques, threat actors, tools, and methodologies to remain effective and up to date.
Oversee both classified and unclassified delivery of federal stakeholder branded analytic products, intelligence deliverables, threat assessments, and technical reports that contextualize adversary activity.
Understand, direct, oversee and ensure adherence to established frameworks of reporting mechanisms such as MITRE ATT&CK (Enterprise, Mobile, ICS, etc.)
Host Based, Network, Cloud, and OT/ICS Forensics Leadership
Oversee simultaneously deployed teams performing forensic examination across host systems and digital media (phones, hard drives, memory images, etc.)
Direct simultaneously deployed network forensics operations to identify threat attacker behavior, develop network signatures, analyze network traffic and configurations, and produce authoritative forensic reports.
Malware Analysis and Operations Oversight
Oversee simultaneously deployed malware operations teams responsible for evaluating complex malicious code, performing static/dynamic analysis, triaging samples, and generating high quality technical reports.
Oversee team’s simultaneously deployed workflows for the management of malware submissions to pre-approved stakeholders only and where/when applicable, include triage, prioritization, and status tracking.
Ensure teams develop metrics to evaluate analysis throughput, accuracy, timeliness, and mission impact.
Operational Processes, Procedures, and Performance Metrics
Oversee the stakeholder approved development, maintenance, and improvement of Standard Operating Procedures (SOPs), playbooks, analytic processes, workflows, robotic process automations (RPAs) and procedures supporting hunt, malware, and forensic operations.
Ensure simultaneously deployed teams contribute to performance metrics measuring forensic effectiveness, response quality, hunt mission impact, and operational readiness.
Deployable Hunt and Forensic Capability Management (Flyaway Kits)
Oversee readiness of all deployable hunt and forensics resources; including fullcapacity and reducedcapacity flyaway kits, storage media, imaging systems, and tools.
Ensure kits are provisioned, tested, updated, sanitized, and secured in accordance with chainofcustody and data handling requirements.
Required Qualifications
Experience leading simultaneously deployed hunt, malware analysis, digital forensics, or incident response teams within largescale, enterprise, commercial and OT/ICS cyber defense programs.
Deep knowledge of nation state, emerging and established adversary TTP analysis, reverse engineering, forensic acquisition, and threat detection methodologies.
Preferred Qualifications
Experience supporting federal stakeholders such as the DHS, DoW, the Intelligence Community (IC), the FBI and/or other national security cyber missions.
Certifications such as GREM, Certified Threat Hunter (MTH), Offensive Security Certified Professional Plus (OCSP+), GIAC Penetration Tester (GPEN), GCTI, GNFA, GRID, CRTO or similar advanced technical credentials.
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
- Growth: AI-powered career tool that identifies career steps and learning opportunities
- Support: An internal mobility team focused on helping you achieve your career goals
- Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
- Community: Award-winning culture of innovation and a military-friendly workplace