Cyber Threat Intelligence Hunter

Cyber Threat Hunter - Lead Advanced Threat Detection & Proactive Defense

Leidos is seeking a Cyber Threat Hunter to join a mission‑critical cybersecurity team dedicated to staying ahead of sophisticated adversaries. In this role, you'll proactively hunt for malicious activity, analyze emerging attacker tactics, and transform intelligence into actionable defensive improvements that protect high‑value assets. If you thrive on uncovering the unknown, analyzing complex threat patterns, and strengthening enterprise‑wide defenses, this is where your expertise will shine.

You'll work closely with SOC analysts, incident responders, and security engineers to elevate detection capabilities, guide investigations, and mentor others in advanced threat‑hunting tradecraft.

What You'll Do

As a Cyber Threat Hunter, you'll lead proactive detection efforts, analyze threat intelligence, and develop advanced detection content to stay ahead of evolving threats.

Your responsibilities include:

• Conducting proactive threat hunts to identify suspicious activity before it escalates

• Applying critical thinking to analyze threat intelligence, attacker TTPs, and emerging techniques

• Reviewing and correlating logs from firewalls, hosts, EDR, IDS/IPS, and other internal sources

• Responding to RFIs and conducting scoped investigations using all available tools

• Leveraging strong knowledge of security controls across Endpoint, Cloud, SaaS, and Identity

• Using EDR platforms to investigate alerts, anomalies, and malicious activity

• Developing custom SIEM and IDS rules/signatures to strengthen detection capabilities

• Performing incident handling tasks including triage, response, documentation, and lessons learned

• Educating customers on threats and advising on best practices

• Analyzing ongoing attacks such as phishing, DDoS, ransomware, and data leakage

• Tracking and engaging with threat actors across the clear, deep, and dark web

• Serving as a subject‑matter expert in threat intelligence and advanced detection

• Building dashboards, alerts, and monitoring content within SIEM and other security tools

• Continuously optimizing detection content to support SOC operations

• Creating and maintaining technical documentation, detection strategies, and monitoring processes

• Identifying detection gaps and recommending improvements

• Mentoring SOC analysts and guiding team members in tactical security practices

• Developing strategies for incident handling and coordinating responses to security breaches

Required Qualifications & Skills

You bring deep analytical skills, hands‑on threat‑hunting experience, and the ability to lead investigations in complex environments.

• Active DoD TS/SCI clearance

• Current DoD 8140‑compliant security certification; ability to obtain CE certification within 6 months

• Bachelor's degree and 6+ years of cybersecurity experience (or equivalent experience/certifications)

• Experience with Endpoint Detection and Response (EDR) platforms

• Strong understanding of security controls across Endpoint, Cloud, SaaS, and Identity

• Background in analyzing alerts and identifying anomalous or malicious activity

• Experience developing detection content and understanding content lifecycle management

• Ability to analyze logs from Network/Host, EDR, Firewall, IDS/IPS, and Cloud sources

• Experience leading incident response engagements

• Knowledge of security architectures, firewalls, vulnerabilities, and system/application threats

• Strong communication skills for presenting findings to stakeholders

• Ability to travel as required

• Proven, well‑rounded experience in information security

Preferred Qualifications

These skills will help you stand out:

• Bachelor's degree in IT, CIS, Cybersecurity, or related field

• Certifications such as CySA+, CASP+, CISSP, or equivalent

• Familiarity with MITRE ATT&CK and other security frameworks

• Experience with Security Onion

• Hands‑on experience with tools such as EDR, Firewalls, IDS/IPS, DLP, SIEM, forensic/malware analysis, and cloud security tools

• Strong analytical, problem‑solving, communication, and project management skills

Why This Role Matters

As a Cyber Threat Hunter, you are the frontline defender against advanced adversaries. Your work uncovers hidden threats, strengthens detection capabilities, and ensures the organization stays ahead of evolving cyber risks. This is your opportunity to lead, innovate, and make a measurable impact on mission security.

#DINM

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Original Posting:

March 26, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.