Job Description

The Cyber Threat Hunter proactively protects enterprise environments from advanced cyber threats by analyzing network, endpoint, and log data to identify malicious activity that may evade conventional security controls. This role establishes normal traffic and data-flow baselines, detects anomalies, develops threat hypotheses, and investigates adversary tactics, techniques, and procedures to strengthen cyber defense and incident response operations. This role directly supports a proactive SOC model by contributing to detection engineering, monitoring enhancements, automation development and continuous gap analysis to identify and mitigate emerging threats before they materialize.

Key Responsibilities

• Conduct proactive threat hunting across networks, endpoints, and security datasets to identify, isolate, and help eradicate advanced threats before they impact operations.
• Analyze logs from multiple sources, including packet captures, correlation engines, parsed security data, and endpoint telemetry, to detect suspicious behavior and validate threat activity.
• Establish and maintain baseline patterns for normal traffic, system activity, and data flows to improve anomaly detection and investigative accuracy.
• Collaborate closely with SOC analysts and detection engineers to recommend new alerts, analytics, and monitoring logic based on threat hunting findings, emerging trends, and identified visibility gaps.
• Develop automation scripts and workflows (using SOAR platforms, Python, PowerShell, or similar tools) to streamline threat hunting activities, automate repetitive analytical tasks, and reduce detection and response time.
• Research and track adversary tactics, techniques, and procedures (TTPs), developing technical hypotheses and investigative leads based on threat intelligence and observed behaviors.
• Support incident response activities by creating incident documentation, follow-up actions, reporting criteria, and recommendations that improve overall response maturity and operational resilience.
• Examine and characterize malware and cyber threats, including viruses, worms, bots, rootkits, and Trojan horses, to determine threat nature, scope, and potential impact.
• Apply reverse engineering and binary analysis techniques using tools such as Ghidra and IDA Pro to support vulnerability research and understand malicious code behavior.

Required Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience.
• 4 years of experience in cybersecurity or a closely related technical security role.
• Demonstrated ability to perform system administrator-level analysis across multiple platforms and operating systems in support of cyber investigations.
• Strong analytical and problem-solving skills with the ability to identify, track, and assess adversary TTPs and suspicious activity.
• Knowledge of intrusion detection methodologies, evidence preservation practices, and cyber defense and information security policies, procedures, and regulations.
• Ability to support work in a U.S.-only staffing environment and satisfy any client-required background investigation or security requirements.

Preferred Qualifications

• Relevant cybersecurity certifications such as GCDA, GNFA, CompTIA PenTest+ (Removed CISSP), CISM, or CompTIA CySA+.
• Experience with reverse engineering, malware analysis, vulnerability research, and threat analysis in enterprise or government environments.
• Familiarity with U.S. Army Corps of Engineers (USACE) IT policies and operational security requirements.
• Experience preparing technical reports, incident summaries, and threat findings for stakeholders and operational leadership.

Job Specific Skills

• Threat hunting and anomaly detection.
• Log correlation and security event analysis.
• Packet capture analysis and data parsing.
• Malware analysis, reverse engineering, and binary analysis.
• Threat intelligence analysis and TTP identification.
• Incident response documentation and reporting.

• Detection engineering collaboration and monitoring enhancement support.

Qualifications

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.