Cyber Threat Hunter Lead

Leidos is a Fortune 500 technology, engineering, and solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, civil, and health markets. 

Overview:
The Leidos Civil Group has an exciting opportunity for a skilled and experienced Cyber Threat Hunt Lead to join our growing team. This individual will be responsible for leading proactive threat hunting operations, leveraging threat intelligence, and collaborating across teams to protect our clients’ digital assets and critical infrastructure. The ideal candidate will possess deep expertise in cybersecurity, including network security, security event management, incident response, and emerging threat detection technologies.

In addition to technical expertise, the candidate will serve as a SOC leadership backup, providing guidance and oversight in scenarios where the primary SOC Lead is unavailable. This includes leading team operations, managing escalations, and providing situational updates to senior leadership and stakeholders during active incidents or high-priority events.

CLEARANCE REQUIREMENT: Public Trust

Key Responsibilities:

• Lead the development and execution of proactive threat hunting missions using threat intelligence and advanced analytics.

• Collaborate with cross-functional teams—including network, endpoint, security, and IT operations—to understand client needs and translate them into actionable strategies.

• Develop and maintain detailed documentation for SOC architecture, design, and operational processes.

• Provide mentoring, training, and technical guidance to SOC analysts and other team members.

• Assist in the development of incident response plans, threat detection methodologies, and security policies aligned with client-specific requirements.

• Remain current on cybersecurity trends, threat actor tactics, tools, and procedures (TTPs), and best practices to inform and enhance threat hunting activities.

• Contribute to continuous improvement initiatives aimed at increasing SOC efficiency and threat detection capabilities.

• Support incident response efforts when necessary, including real-time investigation and containment.

• Effectively communicate complex technical concepts to both technical and non-technical stakeholders.

• Demonstrate strong critical thinking and problem-solving abilities, with a flexible and adaptive approach to evolving threats.

Additional Responsibilities:

• Act as the SOC point of contact for leadership communications in the absence of the SOC Lead.

• Provide timely and accurate operational updates and threat assessments to executive stakeholders during critical events.

• Coordinate task assignments and maintain team efficiency to ensure continuous monitoring and incident response coverage.

• Mentor junior analysts and foster a culture of continuous learning and operational excellence.

• Ensure escalation protocols are followed and documented during high-severity incidents.

• Represent the SOC in interdepartmental or cross-agency meetings as needed.

Basic Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field.

• Minimum of 8 years of relevant cybersecurity experience, preferably in a SOC environment.

• Strong hands-on experience with Microsoft Sentinel, including configuration of data connectors, normalization of logs, and threat intelligence feed integration.

• Demonstrated expertise in threat detection, incident response, and SOAR concepts.

• Excellent verbal and written communication skills.

• Proven ability to work independently and collaboratively in a fast-paced, mission-critical environment.

• Familiarity with federal cybersecurity guidance including M-21-31, the NIST Cybersecurity Framework, CISA Incident and Vulnerability Playbooks, and CISA Binding Operational Directives (e.g., BOD 22-01).

• Experience planning and executing threat hunt and incident response engagements.

• Proficiency with both network and endpoint defense technologies.

• Experience configuring and tuning User and Entity Behavior Analytics (UEBA) tools.

• Skilled in leveraging Python and AI/ML frameworks for advanced cyber threat analytics.

• Ability to define and report on SOC metrics, develop dashboards, and configure alerting workflows.

• Experience with Microsoft 365, Microsoft Azure, and familiarity with ServiceNow and ServiceNow workflows.

• Knowledge of CISA Continuous Diagnostics and Mitigation (CDM) tools and integration strategies.

• Industry certifications such as Microsoft SC-200, GCFA, GCTI, or similar are highly desirable.

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.