CBO - Tier 3 / Threat Hunter

cFocus Software seeks a Tier 3 / Threat Hunter to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.

Qualifications:
- Active Public Trust clearance
- B.S. in Computer Science, Information Technology, or a related field
- 7+ years of experience in cybersecurity operations, threat hunting, or incident response
- Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
- Hands-on experience with Microsoft Defender XDR (Endpoint, Identity)
- Experience analyzing logs across cloud (AWS), network, and endpoint environments
- Strong knowledge of the MITRE ATT&CK framework and adversary techniques
- Experience with digital forensics and malware analysis
- Ability to conduct root cause analysis and develop remediation strategies
- Experience working in 24x7 SOC environments

Preferred certifications include, but are not limited to:
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Duties:
- Conduct proactive threat hunting across identity, endpoint, network, and cloud telemetry
- Lead advanced incident investigations, including root cause analysis and forensic analysis
- Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
- Correlate multi-source telemetry, aligned to the MITRE ATT&CK framework
- Analyze logs from Microsoft Defender (Endpoint, Identity), AWS, firewalls, VPNs, and other sources
- Support incident containment, eradication, and recovery activities
- Develop and improve threat hunting hypotheses based on intelligence and trends
- Validate and refine detection use cases and monitoring capabilities
- Support red team / purple team exercises and adversary emulation
- Produce detailed incident reports, including timelines and remediation recommendations
- Identify security gaps and recommend mitigation strategies
- Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes