cFocus Software Incorporated

Senior Threat Hunter

cFocus Software Incorporated, Olympia, Washington, United States


Position Overview

cFocus Software seeks a Threat Hunter to support the Administrative Offices of the United States Courts (AOUSC) in Washington, DC. The role requires 4 days onsite at the Thurgood Marshall Building and 1 day remote, with hours 8:00 am–4:30 pm.

Responsibilities

Provide incident response services and proactively hunt for security incidents not detected by automated alerts.

Explore judicial datasets to identify anomalies indicating threat actor activity; conduct counter‑intelligence and build threat‑actor dossiers.

Respond to government technical requests via the AOUSC ITSM ticket system (e.g., HEAT or ServiceNow).

Analyze SIEM alerts and open‑source intelligence to develop hunt hypotheses.

Plan, execute, and document hypothesis‑based hunts following agile scrum methodology.

Propose and document automated detection scripts based on hunt findings.

Configure, deploy, and troubleshoot EDR agents such as CrowdStrike and Sysmon.

Track and document cyber‑defense incidents from detection through resolution.

Collaborate with IT contacts and vendors to install or diagnose EDR issues.

Participate in after‑action reviews and triage malware events.

Attend daily Agile Scrum stand‑ups and report progress on Jira stories.

Key Qualifications

5 years of experience in threat hunting and incident response across Microsoft Azure, Office 365, Active Directory, and Zscaler.

5 years of experience with Splunk Enterprise Security for hypothesis‑based hunts.

5 years of experience collecting and analyzing data from compromised systems via EDR (e.g., CrowdStrike), Sysmon, Auditd, and custom scripts.

Proficiency with threat‑hunting tools including Microsoft Sentinel, Tenable Nessus, SYN/ACK, NetScout, SPUR.us, and Mandiant Threat Intelligence feeds.

Ability to work 80% onsite (Monday‑Thursday) at AOUSC in Washington, DC.

One of the following certifications: GCIA, GCIH, GMON, GDAT, Splunk Core Power User.

Public Trust clearance or verified ability to obtain one.

Equal Employment Opportunity Veteran Self‑Identification (optional)

• Disabled veteran – veteran entitled to compensation or who would be entitled except for retirement pay.

• Recently separated veteran – veteran discharged or released within three years.

• Active‑duty wartime or campaign badge veteran – served during a war or authorized campaign.

• Armed forces service medal veteran – served in a U.S. military operation for which a service medal was awarded.

Disability Self‑Identification (optional)

Voluntary. No impact on employment decisions.
