SME Cyber Threat Hunter (Forensics/Reverse Engineering) (Active Secret Clearance Required)

Clearance Level
Interim Secret
Cyber Security
Rosslyn, Virginia
Beltsville, Maryland

REQ#: RQ97090

Travel Required: Less than 10%
Requisition Type: Regular

Program Description: Serves as a SME Cyber Threat Hunter and Researcher in support of a major federal client.  This organization provides services that analyze and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer’s information and information systems; provides timely and relevant technical analysis to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis. Responsible for the delivery of written and oral briefings to stakeholders and community partners across the Foreign Affairs community.  

Functional Duties:

The Cyber Threat Hunter and Researcher will support the customer’s overall cyber threat analysis efforts. Performs advanced analysis of adversary tradecraft, malicious code, and Advance Persistent Threat capabilities.   Analyzes computer, communication, network security events and exploits to determine security vulnerabilities and recommend remedial actions. Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents.  Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries.  This role is also responsible for developing alert criteria to improve incident response capabilities; as well as, contributes to development, writing, and reviewing of SOPs.

Candidate should possess experience with and knowledge of cyber threat and/or intelligence analysis.  Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.


Candidates MUST possess an active secret clearance and be eligible to obtain a Top Secret.


  • A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired. Four (4) additional years of general experience (as defined below) may be substituted for the degree.

Certifications Desired:  GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Encase Certified Examiner (ENCE)

General Experience: 8 years of experience advanced technical analysis with increasing responsibilities. Demonstrated oral and written communications skills. 

  • Good working knowledge of cyber threat analytics
  • Previous experience working in cross functional and interdisciplinary project teams to achieve tactical and strategic objectives
  • Proven ability to document and teach team members how to apply advanced analytic techniques to solve complex problems
  • Solid understanding of enterprise IT cybersecurity operational environments

Specialized Experience:

  • Five years’ of experience in network security with a focus on computer forensics, static code reverse engineering, and advanced (packet) network analysis. Static code reverse engineering experience can be substituted by experience in similar skill in computer forensics, network analysis, mobile device forensics related to malicious code, network flow analysis, or other similar skill
  • Three years’ of experience in intelligence or technical analysis with a focus on cyber threat analysis.
  • Experience analyzing emerging technologies for potential attack vectors and developing mitigation strategies
  • Ability to evaluate offensive and intelligence-based threat actors based on motivation and common TTPs
  • Experience with gathering open-source and controlled intelligence to develop predictive understanding of adversarial strategies, priorities, and overlapping interests
  • Demonstrated expertise in deploying and maintaining open source network security monitoring and assessment tools
  • Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Reports   

COVID-19 Vaccination Requirement: To protect the health and safety of its employees and to comply with customer requirements, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.