Center for Internet Security, Inc.

Cyber Threat Hunt Analyst - TS/SCI - Arlington, VA

Job Locations US-VA-Arlington
Cybersecurity Operations
Regular Full-Time


The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.


The primary purpose of this position is to be a subject matter expert in Digital Forensics and Incident Response (DFIR) using endpoint detection and response (EDR) technology to respond to cyber incidents impacting State, Local, Tribal and Territorial (SLTT) governments in conjunction with CISA’s Cybersecurity Division (CSD) teams. This position is employed by the Center for Internet Security and will be located with the Cybersecurity and Infrastructure Security Agency (CISA) in Arlington, VA. The Threat Hunt analyst will partner with CISA’s HUNT team and will work to promote the CIS focus to expand and normalize information-sharing initiatives within CISA’s CSD.

What You'll Do

  • Perform queries and analysis of endpoints based on credible, relevant intelligence reporting to identify and assess activity that may be impacting SLTT governments in conjunction with CISA HUNT team
  • Assist in correlating and sharing data pertaining to incidents with CISA, CISA leadership, and the CIS teams
  • Review information from investigations and coordinate with CIS analysts to refine and enhance EDR tools and processes for better fidelity
  • Perform host-level Threat Hunting and Incident Response
  • Conduct incident response calls with SLTT governments
  • Other tasks and responsibilities as assigned

What You'll Need

  • Bachelor's degree in Digital Forensics, Cybersecurity, Computer Science, or related field*
  • 3+ years’ experience in DFIR and/or Security/Network Administration
  • Advanced experience in one or more of the following areas:
    • Incident response protocols, processes, and techniques
    • System and application security threats and vulnerabilities
    • Adversarial tactics, techniques, and procedures
    • Various host and network-based security controls
  • Experience preparing and delivering technical presentations/reports
  • Demonstrated experience as a contributing member of a threat intelligence or incident response team with hands-on experience dealing with Cyber Threat Actors, APT campaigns, and related Tactics, Techniques and Procedures (TTPs)
  • Strong time management, communication, attention to detail, and professional and interpersonal skills
  • Must have a Top Secret Security Clearance and be eligible to be granted SCI Suitability
  • The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
  • Must be authorized to work in the United States

It's a Plus if You Have:

  • High proficiency in the analysis of various log types (e.g. Windows Event, Web server, Firewall logs)
  • Experience with scripting languages such as Bash, Perl, or Python
  • Certifications in related areas (e.g. GCFE, GCFA, GNFA, GCIH, GREM, CCFE, CFCE, etc.)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.


**Factors that may cause a negative Fitness Review decision include:

  • Criminal Conduct
  • Dishonest Conduct
  • Employment Misconduct
  • Alcohol Abuse
  • Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction). Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
  • False Statements
  • Financial Issues
  • Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.



