Cybersecurity Detection Engineer

About Hunter Strategy

Hunter Strategy has a unique philosophy to technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure - critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.

Job Overview

We are seeking a skilled Cybersecurity Detection Engineer to join our Information Technology Security Office (ITSO) Security Operations Center (SOC). The ideal candidate will blend technical skills, threat research experience, and knowledge of adversary techniques to enhance our cybersecurity defenses.

Key Responsibilities

• Create high-fidelity, actionable alerts using new and existing data sources for quick and effective threat identification, analysis, and eradication
• Identify opportunities to improve the effectiveness of existing detection efforts
• Develop methodologies to maintain and maximize the integrity and effectiveness of existing alerting
• Create, periodically review, test, and validate custom detection content
• Leverage cybersecurity threat intelligence to defend against real-world threats
• Collaborate with the SOC’s incident response teams to meet operational needs
• Stay familiar with adversary Tactics, Techniques, and Procedures (TTPs)

Qualifications

1. Bachelor’s degree in Computer Science, Cybersecurity, or a related field plus 8 years of professional experience (4 additional years of professional experience in lieu of degree)
2. At least one of the following certifications:
   • Splunk Enterprise Security Certified Admin credential
   • Passed AZ-500 Microsoft Azure Security Technologies exam
3. Minimum 3 years of experience in detection engineering, threat hunting, security operations, or incident response using Splunk Enterprise Security or Microsoft Sentinel
4. Experience with adding, updating, and deleting detection rules in Splunk Enterprise Security and Microsoft Sentinel
5. Proficiency in detection engineering methodologies, including SNORT and YARA rules
6. Proficiency in Python programming, Bash, and PowerShell
7. Proficiency in Splunk’s Search Processing Language, React, Kusto Query Language, and the Common Information Model (CIM)
8. Knowledge and experience in leveraging cybersecurity threat intelligence, indicators of compromise, STIX/TAXII data feeds, MITRE ATT&CK, and SIEM integrations
9. Strong experience in networking principles, operating systems (Linux / Windows), and security tools such as IDS/IPS, firewalls, proxy servers, and Endpoint Detection and Response (EDR)
10. Knowledge of Windows Sysinternal Suite (including Sysmon), Unix auditd, and how to tune configuration files for identification of malicious activity

Required Skills

• Strong analytical and problem-solving skills
• Excellent communication and collaboration abilities
• Ability to work in a fast-paced environment and handle multiple priorities
• Continuous learning mindset to stay updated on the latest cybersecurity trends and threats

This position is contingent on contract award.