Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
7+ years of experience in threat detection, threat hunting, or SOC operations
Experience with SIEM platforms (e.g., Splunk), EDR tools (e.g., CrowdStrike), and cloud security tools (AWS Security)
Strong knowledge of MITRE ATT&CK framework and threat actor tactics, techniques, and procedures (TTPs)
Requirements:
Design, develop, and maintain threat detection use cases, analytics, and correlation rules within SIEM/SOAR platforms (e.g., Splunk)
Perform proactive threat hunting across network, endpoint, and cloud environments to identify advanced persistent threats and anomalous behavior
Analyze logs, alerts, and telemetry from multiple sources (EDR, IDS/IPS, cloud, applications) to detect malicious activity
Leverage threat intelligence (CISA, MITRE ATT&CK, vendor feeds) to enhance detection logic and hunting strategies
Job description
cFocus Software seeks a Detection Engineer / Threat Hunter to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
7+ years of experience in threat detection, threat hunting, or SOC operations.
Experience with SIEM platforms (e.g., Splunk), EDR tools (e.g., CrowdStrike), and cloud security tools (AWS Security).
Strong knowledge of MITRE ATT&CK framework and threat actor tactics, techniques, and procedures (TTPs).
Duties:
Design, develop, and maintain threat detection use cases, analytics, and correlation rules within SIEM/SOAR platforms (e.g., Splunk).
Perform proactive threat hunting across network, endpoint, and cloud environments to identify advanced persistent threats and anomalous behavior.
Analyze logs, alerts, and telemetry from multiple sources (EDR, IDS/IPS, cloud, applications) to detect malicious activity.
Leverage threat intelligence (CISA, MITRE ATT&CK, vendor feeds) to enhance detection logic and hunting strategies.
Continuously improve detection coverage and reduce false positives through tuning and automation.
Develop and execute threat hunting hypotheses based on emerging threats and intelligence.
Collaborate with incident response teams to investigate and contain security incidents.
Build and maintain detection playbooks and automation workflows.
Support development of advanced analytics and behavioral detection models.
Conduct root cause analysis of incidents and recommend security improvements.
Participate in continuous monitoring and SOC operations supporting 24/7/365 mission.
Perform gap analysis of detection capabilities and recommend improvements.
Support log aggregation, enrichment, and normalization for improved detection fidelity.
Create dashboards and reporting to communicate threat posture and detection effectiveness.
Contribute to security architecture improvements and tool optimization.
