Senior Threat Hunter (R-00136)

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

Conducts proactive, hypothesis-driven threat hunting across the platform to identify adversary behaviors that evade detections. Builds repeatable hunt methods and translates discoveries into detection improvements and operational actions. Synthesizes signals from multiple tools and data sources to produce high-confidence findings. Helps mature hunting into an institutional capability, not a one-off activity.

Plan and execute hypothesis-based threat hunts across logs/telemetry.

Build and refine queries, reports, and hunt packages/playbooks.

Correlate multiple data sources and tools to validate suspicious activity.

Document findings and support translation into detections/controls.

Support automation opportunities for hunt workflows where appropriate.

Brief hunt outcomes and trends to stakeholders.

Bachelor’s degree (may be substituted with an additional 4+ years experience as stated).

5+ years experience with data hunting/manipulation/presentation.

Experience as manager/team lead managing projects/tasks against deadlines.

Skill generating queries/reports; ability to interpret data from multiple tools.

Experience with threat intelligence technologies including graphing/link analysis tools.

Experience with CTI concepts and using threat intel for technical analysis of enterprise assets.

Possess any 1 of : CISSP (associate), CCSP, SSCP, GCIH, GNFA, GCIA, AND any from the CSSP Analyst, Infrastructure Support or IR from DoD 8570.  

Active Secret clearance.