ECS

SOC Threat Hunter

ECS$90K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in cybersecurity operations, threat hunting, or related roles
  • Hands-on experience with SIEM, EDR, and network security tools
  • Strong understanding of attacker techniques and enterprise security controls
  • Experience developing detection logic and analytical procedures
  • Ability to analyze and interpret large volumes of security data
  • Excellent written communication skills for clear documentation of findings
  • U.S. Citizenship with ability to obtain a DOE 'L' clearance

Responsibilities

  • Develop and execute hypothesis-driven hunts across various data sources
  • Analyze anomalous behavior and identify attacker tactics
  • Utilize security tools to detect potential compromises
  • Validate findings and assess escalation needs to incident response
  • Translate hunt findings into detection improvements and use cases
  • Conduct research on emerging threats and adversary behaviors
  • Support investigations by correlating security events and recommending actions

Benefits

  • Opportunity to work in a dynamic SOC environment with 24/7 operations
  • Exposure to advanced security technologies and threat intelligence
  • Collaboration with a diverse team of security professionals
  • Possible career growth and skill development in cybersecurity
  • Ability to contribute to the development of cutting-edge detection methods
Full Job Description
SOC Threat Hunter to work in our Portland, OR office. Note: This position is contingent upon contract award.

The Threat Hunter proactively identifies, investigates, and helps mitigate advanced cyber threats that may evade automated detection and traditional monitoring. This role develops threat hypotheses, analyzes endpoint, network, cloud, identity, and security event data, and conducts structured hunts to uncover suspicious behaviors, attacker techniques, and control gaps.

The ideal candidate has strong analytical skills, hands-on experience with security monitoring and investigation tools, and the ability to translate threat research into repeatable hunt procedures, detection improvements, and actionable findings for SOC, incident response, engineering, and threat intelligence stakeholders.

This role involves shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.

Key Responsibilities

Threat Hunting & Analysis
  • Develop and execute hypothesis-driven hunts across enterprise, cloud, endpoint, identity, and network data sources
  • Analyze anomalous behavior, suspicious activity, and attacker tactics, techniques, and procedures (TTPs)
  • Use SIEM, EDR, network, log analytics, and threat intelligence tools to identify potential compromise or unauthorized activity
  • Validate hunt findings, assess potential impact, and determine whether escalation to incident response or SOC operations is required

Detection Development & Improvement
  • Translate hunt findings into detection logic, analytic requirements, alert tuning recommendations, and monitoring use cases
  • Identify gaps in logging, visibility, correlation logic, and alert coverage
  • Partner with SOC analysts, Splunk engineers, security engineers, and threat intelligence analysts to improve detection fidelity and coverage
  • Support development of repeatable hunt playbooks, queries, dashboards, and analytic procedures

Threat Research & Intelligence Application
  • Research emerging threats, adversary behaviors, malware trends, vulnerabilities, and exploitation techniques relevant to the environment
  • Map threat activity and hunt hypotheses to recognized frameworks such as MITRE ATT&CK
  • Incorporate threat intelligence into hunt planning, detection enhancement, and investigative workflows
  • Provide feedback to threat intelligence teams on observed activity, intelligence gaps, and collection priorities

Investigation Support & Escalation
  • Support advanced investigations by correlating security events, system activity, user behavior, and contextual data
  • Document investigative steps, evidence, conclusions, and recommended follow-up actions
  • Coordinate with SOC Tier 2 and Tier 3 analysts, forensics personnel, and incident response teams during escalations
  • Assist with post-incident hunt activity to identify related indicators, lateral movement, persistence, or additional affected assets

Reporting & Continuous Improvement
  • Produce clear hunt reports, summaries, findings, and recommendations for technical and leadership audiences
  • Track hunt outcomes, recurring patterns, detection gaps, and operational metrics
  • Contribute to continuous improvement of SOC processes, analytic standards, and knowledge management resources
  • Stay current with adversary tradecraft, detection engineering practices, and security analytics techniques


  • U.S. Citizenship with ability to obtain and maintain a DOE "L" clearance after start.
  • 5+ years of experience in cybersecurity operations, threat hunting, incident response, detection engineering, security monitoring, or related roles
  • Hands-on experience using SIEM, EDR, network security, endpoint telemetry, cloud logging, and/or log analytics platforms
  • Strong understanding of adversary tactics, techniques, and procedures; common attack paths; and enterprise security controls
  • Experience developing or using hunt hypotheses, detection logic, investigative queries, and analytic playbooks
  • Ability to analyze large volumes of security data and distinguish suspicious activity from benign behavior
  • Strong written communication skills, including the ability to document findings, evidence, and recommendations clearly

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Learn more about ECS
Size
2,000 employees
Industry

Similar Jobs

More Jobs at ECS

  • ECS
    Account Portfolio Leader
    $130K — $180K *
    Arlington, VA 22204 (Arlington County)
    Education, Government & Non-Profit
    In-Person
  • ECS
    Senior Security Engineer
    $100K — $140K *
    Portland, OR 97229 (Washington County)
    Technical Services
    In-Person
  • ECS
    Scientist - Advanced Microsystems
    $150K — $220K *
    Arlington, VA 22204 (Arlington County)
    Aerospace & Defense
    In-Person
  • ECS
    Capture Director
    $130K — $180K *
    Fairfax, VA 22030 (Fairfax City County)
    Information Technology
    In-Person
  • ECS
    SOC Tier 2 Analyst
    $75K — $95K *
    Portland, OR 97229 (Washington County)
    Information Technology
    In-Person

More Information Technology Jobs

Find similar SOC Threat Hunter jobs: