Everforth ECS is seeking a SOC Threat Hunter to work in our Portland, OR office. Please note: this position is contingent upon contract award.

The Threat Hunter proactively identifies, investigates, and helps mitigate advanced cyber threats that may evade automated detection and traditional monitoring. This role develops threat hypotheses, analyzes endpoint, network, cloud, identity, and security event data, and conducts structured hunts to uncover suspicious behaviors, attacker techniques, and control gaps.

The ideal candidate has strong analytical skills, hands-on experience with security monitoring and investigation tools, and the ability to translate threat research into repeatable hunt procedures, detection improvements, and actionable findings for SOC, incident response, engineering, and threat intelligence stakeholders.

Key Responsibilities

Threat Hunting & Analysis
- Develop and execute hypothesis-driven hunts across enterprise, cloud, endpoint, identity, and network data sources
- Analyze anomalous behavior, suspicious activity, and attacker tactics, techniques, and procedures (TTPs)
- Use SIEM, EDR, network, log analytics, and threat intelligence tools to identify potential compromise or unauthorized activity
- Validate hunt findings, assess potential impact, and determine whether escalation to incident response or SOC operations is required

Detection Development & Improvement
- Translate hunt findings into detection logic, analytic requirements, alert tuning recommendations, and monitoring use cases
- Identify gaps in logging, visibility, correlation logic, and alert coverage
- Partner with SOC analysts, Splunk engineers, security engineers, and threat intelligence analysts to improve detection fidelity and coverage
- Support development of repeatable hunt playbooks, queries, dashboards, and analytic procedures
- Research emerging threats, adversary behaviors, malware trends, vulnerabilities, and exploitation techniques relevant to the environment
- Map threat activity and hunt hypotheses to recognized frameworks such as MITRE ATT&CK
- Incorporate threat intelligence into hunt planning, detection enhancement, and investigative workflows
- Provide feedback to threat intelligence teams on observed activity, intelligence gaps, and collection priorities
- Support advanced investigations by correlating security events, system activity, user behavior, and contextual data
- Document investigative steps, evidence, conclusions, and recommended follow-up actions
- Coordinate with SOC Tier 2 and Tier 3 analysts, forensics personnel, and incident response teams during escalations
- Assist with post-incident hunt activity to identify related indicators, lateral movement, persistence, or additional affected assets
- Produce clear hunt reports, summaries, findings, and recommendations for technical and leadership audiences
- Track hunt outcomes, recurring patterns, detection gaps, and operational metrics
- Contribute to continuous improvement of SOC processes, analytic standards, and knowledge management resources
- Stay current with adversary tradecraft, detection engineering practices, and security analytics techniques

Required Skills
- 5+ years of experience in cybersecurity operations, threat hunting, incident response, detection engineering, security monitoring, or related roles
- Hands-on experience using SIEM, EDR, network security, endpoint telemetry, cloud logging, and/or log analytics platforms
- Strong understanding of adversary tactics, techniques, and procedures; common attack paths; and enterprise security controls
- Experience developing or using hunt hypotheses, detection logic, investigative queries, and analytic playbooks
- Ability to analyze large volumes of security data and distinguish suspicious activity from benign behavior
- Strong written communication skills, including the ability to document findings, evidence, and recommendations clearly

Desired Skills
- Experience with Splunk, EDR platforms, packet analysis, cloud security telemetry, identity logs, or scripting for data analysis
- Familiarity with MITRE ATT&CK, Cyber Kill Chain, NIST, or other cybersecurity frameworks
- Experience supporting SOC operations, incident response, malware analysis, forensics, or threat intelligence functions
- Knowledge of Windows, Linux, networking, authentication, cloud services, and common attacker tooling
- Certifications such as GCIH, GCIA, GCFA, GNFA, GREM, CISSP, CySA+, Security+, or equivalent experience

ECS Federal LLC is an equal-opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.