Can I apply directly for this job on this page?

You can apply directly on this page using our quick application form. Your application is sent immediately to the hiring team, and no account is required.

What is the role of a CBO - Tier 3 / Threat Hunter at cFocus Software Incorporated?

The CBO - Tier 3 / Threat Hunter position at cFocus Software Incorporated is a Full-Time opportunity in the relevant field.

Where is this CBO - Tier 3 / Threat Hunter job located?

Washington, District of Columbia, 20001, United States

What industry does this CBO - Tier 3 / Threat Hunter position belong to?

This role spans multiple industries.

What is the expected salary for this CBO - Tier 3 / Threat Hunter job?

Compensation will be discussed during the hiring process.

CBO - Tier 3 / Threat Hunter job near me in Washington, District of Columbia at cFocus Software Incorporated | Jobs and Employment

Job Description

cFocus Software seeks a Tier 3 / Threat Hunter to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.

Qualifications:

Active Public Trust clearance
B.S. Computer Science, Information Technology, or a related field
7+ years of experience in cybersecurity operations, threat hunting, or incident response
Strong experience with Microsoft Sentinel and Kusto Query Language (KQL)
Hands-on experience with Microsoft Defender XDR (Endpoint, Identity)
Experience analyzing logs across cloud (AWS), network, and endpoint environments
Strong knowledge of MITRE ATT&CK framework and adversary techniques
Experience with digital forensics and malware analysis
Ability to conduct root cause analysis and develop remediation strategies
Experience working in 24x7 SOC environments
Preferred certifications include but are not limited to
- GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g., AWS security)
- Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Duties:

Conduct proactive threat hunting across identity, endpoint, network, and cloud telemetry
Lead advanced incident investigations including root cause analysis and forensic analysis
Develop and tune detection logic and analytics within Microsoft Sentinel (KQL)
Perform correlation of multi-source telemetry aligned to MITRE ATT&CK framework
Analyze logs from Microsoft Defender (Endpoint, Identity), AWS, firewalls, VPNs, and other sources
Support incident containment, eradication, and recovery activities
Develop and improve threat hunting hypotheses based on intelligence and trends
Validate and refine detection use cases and monitoring capabilities
Support red team / purple team exercises and adversary emulation
Produce detailed incident reports, including timelines and remediation recommendations
Identify security gaps and recommend mitigation strategies
Collaborate with Tier 1 and Tier 2 analysts to improve triage and escalation processes