Affirmative Action, Analysis Skills, Artificial Intelligence (AI), Cloud Computing, Computer Network Defense (CND), Computer Science, Computer Security, Computer Telephony Integration (CTI), Concrete, Cyber Threat Hunting, Defense Intelligence, Documentation, Establish Priorities, Federal Government, Health Insurance, Hunting, Incident Response, Information/Data Security (InfoSec), Internet Security, Intrusion Detection Systems, Intrusion Prevention Systems, Inversion of Control (IoC), Leadership, Machine Tool, Malware, Malware Analysis, Metrics, Network Performance/Analysis, OSINT (Open Source Intelligence), Open Source, Operational Audit, Operational Measurement, Operations Security (OPSEC), Process Improvement, Project/Program Management, Reporting Dashboards, Reporting Skills, Reverse Engineering, Security Attacks, Security Information and Event Management (SIEM), Small Business, Team Player, Technical Analysis, Technical Delivery, Telemetry, Trend Analysis, Writing Skills
Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.
We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.
Senior Threat Hunter Analyst
Location: Washington, DC, Ft. Collins, CO, or Kansas City, MO (remote optional, local preferred)
Terms: Full-time
Clearance: Active Top Secret required
Travel: 0-10%
Project Description
This position supports a large-scale federal security operations program delivering 24/7/365 continuous monitoring, intrusion detection, threat hunting, incident response, and threat intelligence across a complex enterprise network environment. The threat hunting function operates at the leading edge of the program's defensive posture — finding what automated tools miss before it becomes a confirmed incident.
The core challenge: proactively hunting adversary activity across a large, high-complexity enterprise network, supporting active incident response, and producing intelligence products that sharpen the program's detection and response capabilities over time.
Position Description
As a Senior Threat Hunter Analyst at Revolutional, you operate ahead of the threat — proactively hunting for undetected adversary activity across enterprise networks before it surfaces through automated detection. You are a technically deep practitioner who combines hunting tradecraft with malware analysis capability, incident response support, and the discipline to produce IOC reports, after-action reviews, and security metric reporting that make the program measurably better over time.
You work in close coordination with the Cyber Threat Intelligence team, maintaining threat indicator feeds that keep your hunts current and your findings actionable. You conduct CND triage, support active incidents with analysis, and author finished intelligence products from open-source portals. Your output reaches both technical peers and program management.
What You Will Own
- Proactive threat hunting across enterprise network environments for undetected adversary activity
- Malware analysis in support of hunt findings and incident response
- CND triage and analysis support for active incident response operations
- Threat indicator feed maintenance in coordination with the Cyber Threat Intelligence team
- IOC report authorship from open-source intelligence portals
- After-action and lessons-learned documentation for significant hunts and incidents
- Security event and metric reporting for program management
Responsibilities
- Proactively hunt for undetected cyber threats across enterprise network environments using network flow, PCAP, log data, endpoint telemetry, and SIEM data; operate ahead of automated detection capabilities
- Conduct Computer Network Defense (CND) triage: assess alerts and anomalies, determine threat validity, and prioritize findings for response or further investigation
- Provide analysis support to incident response operations; contribute host and network analysis, malware triage, and attacker TTP reconstruction during active incidents
- Perform malware analysis on samples collected during hunts and incidents; identify behavioral indicators, persistence mechanisms, and IOCs for operationalization
- Maintain and update threat indicator feeds in coordination with the Cyber Threat Intelligence team; ensure hunt operations are informed by current intelligence
- Author IOC reports from open-source intelligence portals; package findings into finished products suitable for both technical teams and program leadership
- Prepare after-action reports and lessons-learned documentation following significant hunts and incidents; identify detection gaps and recommend improvements
- Produce security event and metric reports for program management; communicate hunt findings, detection trends, and program health in clear, data-supported terms
- Develop and maintain reusable hunt tactics, SIEM queries, and detection logic that improve the program's long-term detection capability
- Stay current on adversary TTPs, malware families, threat actor trends, and emerging attack techniques relevant to the federal enterprise environment
What You Bring (Requirements)
Baseline Requirements
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 5 or more years of experience in threat hunting, security operations, or a closely related technical discipline
- Active Top Secret clearance required
Technical & Domain Capabilities
- Demonstrated experience proactively hunting for adversary activity across enterprise networks using hypothesis-driven and intelligence-driven hunt methodologies
- Hands-on IDS/IPS experience: signature review, alert triage, anomaly identification, and tuning to reduce noise and improve detection fidelity
- Proficiency with SIEM platforms: search language, query development, correlation rule creation, dashboard operations, and metric reporting
- Malware analysis experience including behavioral analysis, static review, IOC extraction, and identification of adversary tooling and techniques
- Experience conducting CND triage and supporting incident response with technical analysis under operational tempo
- Experience authoring IOC reports and finished intelligence products from open-source intelligence (OSINT) portals
- Experience preparing after-action reports and lessons-learned documentation that drive concrete defensive improvements
- Familiarity with MITRE ATT&CK framework applied to hunt hypothesis development and TTP mapping
- Current knowledge of adversary TTPs, threat actor trends, and the evolving federal cybersecurity threat landscape
Core Strengths
- Proactive and analytically driven — you hunt because you assume the adversary is already in, and you don't stop until the evidence tells you otherwise
- Technically fluent across hunting, malware analysis, and incident response — you shift between disciplines fluidly as the mission demands
- Strong written communicator: your IOC reports, after-actions, and metric reports are clear, accurate, and written for the audience
- Collaborative partner to threat intelligence and incident response teams — your findings feed the broader program, not just your own queue
Certifications
One or more of the following is strongly preferred:
- GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), GCTI (GIAC Cyber Threat Intelligence), GREM (GIAC Reverse Engineering Malware), CySA+, or equivalent
Nice to Have (Differentiators)
- Experience threat hunting in a federal civilian, defense, or intelligence SOC environment
- Proficiency scripting in Python or equivalent for hunt automation and IOC enrichment workflows
- Experience with threat intelligence platforms (TIPs) and integrating CTI data into active hunt operations
- Background in advanced malware reverse engineering or exploit analysis
- Familiarity with cloud-native hunting across commercial or GovCloud environments
#DICE #LinkedIn
___________________________________________________________________________________________________________
Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of Department of Labor's HireVets Gold Medallion
- Great Place to Work Certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest growing companies for eleven years
- Two-time SBA SBIR Tibbett's Award winner
- Virginia Values Veterans (V3) Certification
We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to
- Traditional and HSA- eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible-schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation-- and so much more!
Check out our Revolutional | LinkedIn to find out a little more about who we are and if we are the right next step for your career!
Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact HR@harmonia.com
.