Hunter Strategy

Remote Jobs

Get IT right.

12 open roles | Team 51,200 | H1B No Sponsor | Latest: Jun 5, 2026, 1:11 AM UTC

12 Jobs

Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

• Perform static and dynamic malware analysis using tools such as Detect It Easy, System Informer, and API Monitor to build attack chains and support emulation development.
• Reverse engineer payloads and scripts to document execution behavior in detail.
• Write emulations in languages such as C++, PowerShell, C#, and others to emulate malware behavior identified during analysis.
• Develop detection logic based on emulations and malware analysis findings.
• Identify telemetry gaps in Sysmon, auditd, EDR, and other data sources to improve detection coverage.
• Produce high-quality technical reports with executive-level summaries of findings.
• Debug malware and emulations using tools such as x64dbg, WinDbg, or other debuggers.
• Analyze applications for vulnerabilities using reverse engineering and debugging tools.
• Correlate events across incidents and malware behaviors identified during malware analysis.
• Conduct hunt activities from a detection engineering perspective.

United States
Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

• Develop and deploy analytical models on data and processes to generate insights, support automation, and improve decision-making.
• Collaborate with digital product teams and internal stakeholders to shape, enable, and migrate production workflows.
• Apply statistics, artificial intelligence, and machine learning techniques to large data sets.
• Use multiple programming languages and data transformation tools to support model development and analysis.
• Work with databases, data structures, and data architectures to support scalable analytical solutions.
• Create visualizations, presentations, and clear quantitative summaries for technical and non-technical audiences.
• Explore and adopt new technologies provided by IT engineering and cybersecurity teams.
• Work independently with limited supervision while maintaining strong attention to detail and effective team collaboration.
• Mentor junior cyber data scientists.

United States
Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

• Ensure that telemetry in all public and private clouds is appropriate to meet cybersecurity use cases.
• Ensure that the appropriate data normalization, aggregation, and context are provided to meet cybersecurity detection, threat hunt, incident response, governance, and compliance functions.
• Knowledge of log collection and routing for AWS and Azure cloud environments, including data plane and control plane logs, and the ability to design data logging and routing architectures.

United States
Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

• Deploy and maintain secure infrastructure solutions including:
  • Endpoint Security Solutions (Defender, CrowdStrike, SentinelOne, etc.)
  • SIEM Technology (Sentinel, SecOps, Splunk, etc.)
  • MDM Solutions (Intune, Jamf, etc.)
• Manage and monitor security controls across various systems and cloud platforms.
• Collaborate with MSSP clients and cross-functional teams to ensure security best practices are implemented.
• Design, develop, and deploy SIEM/Log Management solutions to enable SOC monitoring.
• Act as a subject matter expert and provide guidance on security-related recommendations to clients.

United States
Full Time | Remote | Entry Level | Team 51-200 | H1B No Sponsor

About Our Internship Program

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

What We Offer

• Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets
• Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises
• Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters
• Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

The Role

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.

As a Threat Hunting Intern, you’ll:

• Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process
• Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses
• Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress
• Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly
• Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers
• Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity
• Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns
• Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters
• Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts
• Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

Qualifications

• Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work
• Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community
• Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place
• Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation
• Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage
• Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level
• Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners
• Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work
• Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early
• Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Program Details

Duration: 12 weeks
Location: Remote
Reports to: Senior Threat Hunter

United States
Full Time | Remote | Mid Level | Team 51-200 | H1B No Sponsor

As a HUBZone-certified company, this general consideration posting is intended for candidates who may be eligible for current and future opportunities across our teams.

Why Apply Here

Great talent doesn’t always align perfectly with open roles and we don’t want to miss the opportunity to connect. This general application allows you to join our HUBZone talent pipeline. When new contracts are awarded or positions open, we look here first to identify candidates who are already aligned with our work and mission.

Areas We Typically Hire In

We regularly hire across a variety of disciplines, including:

- Cybersecurity (engineering, analysis, compliance, operations)
- Cloud (architecture, engineering, migration, managed services)
- Software Development (full-stack, DevSecOps, systems integration)
- Program & Project Management
- Contracts, Procurement & Compliance
- IT Operations & Managed Services
- Administrative & Operations Support

HUBZone Residency

Hunter Strategy is headquartered in a designated HUBZone, and our certification is central to how we compete for and win work that benefits our clients and our community. To maintain this certification, at least 35% of our workforce must live in a federally designated HUBZone — making where you live an important part of our hiring picture. If you’re not sure whether your address qualifies, you can check using the SBA’s HUBZone map. Hunter Strategy may verify HUBZone residency as part of the hiring process.

United States
Compliance | 60 days ago
Internship | Remote | Entry Level | Team 51-200 | H1B No Sponsor

• Support risk assessments and help identify potential security and compliance gaps
• Assist with documenting policies, procedures, and security controls
• Help track and manage compliance requirements (e.g., NIST, ISO, or other frameworks)
• Participate in audit preparation and evidence collection
• Collaborate with technical teams to understand and document security processes
• Contribute to improving governance processes and risk visibility across the organization
• Learn how security concepts translate into business and regulatory requirements

United States
Job Closed
Internship | Remote | Entry Level | Team 51-200 | H1B No Sponsor

• Monitor open-source intelligence (OSINT) feeds for relevant threat information
• Collect and organize indicators of compromise (IOCs) from various sources
• Learn to use threat intelligence platforms and tools
• Track security bulletins, vulnerability announcements, and vendor advisories
• Analyze threat data under the guidance of senior analysts
• Map threat activities to frameworks such as MITRE ATT&CK
• Research threat actors and their tactics, techniques, and procedures (TTPs)
• Assist in creating threat intelligence reports and briefings
• Participate in intelligence sharing discussions and team meetings

United States
Job Closed
Internship | Remote | Entry Level | Team 51-200 | H1B No Sponsor

• Design and implement real solutions that support and secure our systems and data
• Get your hands dirty building and testing security infrastructure
• Turn security concepts into working code and automation
• Tackle complex problems with creative solutions
• Learn by doing, not just by watching

United States
Job Closed
Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

• Design, develop, configure, and maintain ServiceNow applications, workflows, and platform capabilities to support enterprise IT Service Management (ITSM) and service desk operations.
• Implement and manage Service Request workflows and Service Catalog offerings, including request intake, automated triage, routing, approvals, and fulfillment processes to streamline service delivery.
• Develop and maintain integrations between ServiceNow and enterprise platforms, including monitoring, identity management, and security tools such as Splunk, using REST APIs and data formats such as XML and JSON.
• Develop and optimize workflow automation and orchestration within ServiceNow to reduce manual service desk tasks, improve operational efficiency, and enable automated ticket creation and response coordination.
• Configure and customize ServiceNow applications, forms, user interfaces, and automation logic to enhance usability and support evolving service management requirements.
• Develop dashboards, reports, and operational metrics within ServiceNow to support service desk performance monitoring, operational visibility, and decision-making.
• Collaborate with infrastructure, cybersecurity, and platform engineering teams to ensure ServiceNow workflows support incident response, vulnerability management, and operational resilience processes.
• Support platform lifecycle activities, including testing, release management, deployment, and implementation of new ServiceNow capabilities and enhancements.
• Provide production support and troubleshooting for the ServiceNow platform, resolving defects, maintaining system stability, and supporting end users.
• Document system configurations, updates, and operational procedures to ensure accurate technical documentation and knowledge transfer.
• Support the implementation of AI-enabled ServiceNow capabilities, including predictive intelligence, virtual agents, automated ticket classification, and intelligent routing.

United States
