• Lead proactive threat hunts to identify patterns, anomalies, and behaviors associated with known and emerging adversary TTPs. • Configure and optimize advanced security tools to enhance detection fidelity and coverage. • Lead and execute complex threat investigations across customer environments. • Provide analytical support throughout the full incident lifecycle, including identification, containment, eradication, and recovery. • Research emerging threats and adversary techniques to develop actionable intelligence and effective detection strategies. • Translate intelligence into practical hunting methodologies and detection improvements. • Produce detailed technical incident reports and contribute to executive-level summaries. • Clearly communicate findings, risk, and remediation guidance to both technical and executive stakeholders. • Develop and maintain Armis platform policies, dashboards, and customer-specific monitoring use cases. • Partner with internal teams to automate workflows, enhance tooling, and improve service delivery efficiency. • Design and maintain standardized, reusable threat hunting playbooks to scale and operationalize MTS capabilities. • Contribute feedback and prioritization input to product and feature development. • Serve as a trusted advisor and thought leader for assigned customers on risk management, detection optimization, and response maturity. • Act as a recognized subject matter expert internally and externally. • Coach and mentor junior team members, fostering technical growth, collaboration, and continuous learning.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are seeking Threat Hunting Analysts – Cyber Security Specialist II (T&M) who will play a pivotal role in strengthening our Security Operations Center (SOC) capabilities at Stennis Space Center or through approved telework. In this role, you'll use advanced detection, forensics, and incident response expertise to identify sophisticated threats and protect critical federal systems. - Leading Innovative Cybersecurity Initiatives: Proactively hunt for anomalous behavior, adversary techniques, and emerging threats using advanced detection platforms and methodologies. - Collaborative Security Operation Support: Work alongside SOC analysts, forensic specialists, incident responders, and federal stakeholders to improve detection, response, and cyber defense operations. - Strategic Cyber Threat Analysis: Analyze threat actor behaviors, TTPs, and indicators of compromise to inform enterprise defensive strategy and security posture. - Engagement & Communication: Communicate findings, risks, and recommended mitigations to technical and non-technical stakeholders. Provide actionable intelligence that enhances mission success. Qualifications - Each Threat Hunting Analyst must hold and maintain at least two active certifications, including but not limited to: Security+, GCIH, ISC2 CISSP, GSE, GREM, GAWN, GCIA, GPPA, GSEC, GCED, GSLC, GSNA, GCFA, or other comparable certifications approved in advance by the Security Operations Branch PM. - BA/BS or minimum three years of experience in forensics and incident response. - Minimum two years of experience with Splunk, Wireshark, or comparable tools (approval required by Security Operations Branch PM on a case-by-case basis). Requirements - Ability to attain a Final TOP SECRET/SCI Clearance. - Must meet SCI eligibility (ICD 704) with no waivers or conditions. - Must be a sole U.S. Citizen under federal contract requirements. Core Competencies - Advanced analytical skills to investigate complex attacks and anomalies. - Technical expertise across threat hunting, malware analysis, packet analysis, and enterprise logging. - Strong communication skills to clearly articulate findings. - Leadership and collaboration skills to work in fast-paced cyber environments. - Commitment to supporting critical federal missions and national security. Expectation Timeline - Day One: Orientation to Aretec, mission goals, and SOC operations; Begin access process for clearance and technical systems; Meet team members, leadership, and federal stakeholders. - Day Thirty: Begin actively participating in threat hunts and investigations; Understand environment topology, logging sources, and detection use cases; Demonstrate familiarity with required tools (Splunk, Wireshark, etc.). - Day Sixty: Take ownership of assigned hunts or analytic areas; Contribute to strategic threat detection enhancements; Support incident response through findings and forensics insights. - Day Ninety: Lead complex threat hunts and investigations; Develop new detection logic, SOPs, and process improvements; Mentor junior analysts and contribute to continuous SOC maturity.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This position engages in the identification, tracking, monitoring, containment and mitigation of information security threats. He/She performs quality assurance functions to validate that existing methods of research are successful in identifying and documenting security incidents. This position defines procedures for analysis and makes adjustments as technologies and methodologies advance. - Assesses, prioritizes and takes action on requests that improve existing Security Operation Center (SOC) tools and procedures. - Partners with management to coordinate security incident response efforts to communicate information, drive resource actions and decisions, provide recommendations, and ensure resolution. - Evaluates and analyzes complex malicious code through the use of tools including disassemblers, debuggers, hex editors, un-packers, virtual machines and network sniffers. - Conducts reverse-engineering for known and suspected malware files. - Investigates instances of malicious code to determine attack vector and payload, and to determine the extent of damage and data exfiltration. - Performs research in the area of malicious software, vulnerabilities, and exploitation tactics, and recommend preventative or defensive actions. - Produces reports detailing attributes and functionality of malware, and indicators that can be used for malware identification/detection, to include behavior, identified infrastructure used for command and control, and mitigation techniques. - Analyses the relationship between a given sample of malware and other known samples/families of malware, and notable features that indicate the origin or sophistication of the malware and its authors. Qualifications - 2-3 years' experience as Security Operations Center (SOC) Analyst including Incident Response and Handling roles - Experience in Malware Reverse Engineering and Sandboxing - Experience with IBM QRadar - Significant experience with Linux, TCP/IP, UNIX, MS-Windows, IP Routing, Firewalls and IPS - Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc. - Deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats - Demonstrated experience using Open Source (OllyDbg, Radare, GDB, etc.) malware analysis tools - Ability to analyze shellcode, and packed and obfuscated code, and their associated algorithms - Ability to develop network and host based signatures to identify specific malware. Recommend heuristic or anomaly based detection methods - Subject matter expertise in the detection, analysis and mitigation of malware - Experience with Information Security Research, Malware Reverse Engineering, Cyber Threat Analysis, Windows Operating System and Data Analysis - Knowledge of Research skills, Technical Writing, Information Security Research, Security Incident Response, Security Risk Assessment/Analysis - Bachelor’s Degree or International equivalent - Preferred Company Description

About Us Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $16 billion global provider of IT solutions and services. Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 7,000 of them. If you join our team, you’ll enjoy: - Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S. - Continuous professional growth and leadership opportunities. - Health, wellness, and financial benefits to offer peace of mind to you and your family. - World-class facilities and the technology you need to thrive – in our offices or yours. Job Summary The Senior CTI Consultant leads cyber threat intelligence delivery by converting intelligence analysis into measurable operational outcomes, including detection opportunities, hunt enablement, and crossfunctional improvement across SOC/DE/IR workflows. This role involves analyzing emerging threats, providing strategic insights, and advising clients on effective cybersecurity measures. The consultant will collaborate with cross-functional teams to enhance threat detection and response capabilities. Role Description - Conduct cyber threat intelligence analysis focused on adversary tactics, techniques, and procedures (TTPs) relevant to client environments. - Lead complex intelligence workstreams by validating high-risk exposures, managing escalations, and ensuring consistent service levels and quality across deliverables. - Develop and maintain actionable intelligence outputs by reviewing, prioritizing, and operationalizing intelligence briefs, detection opportunities, and vulnerability intelligence that is aligned to client’s risk and organizational goals. - Translate TTP-driven intelligence into actionable threat hunting and detection engineering outputs, including hunting hypothesis, hunt guidance, and detection recommendations - Deliver Tier 2/3 reporting such as operational intelligence briefs, detection opportunity reporting, and vulnerability exploitation likelihood outputs aligned to client priorities. Function in threat hunting and detection engineering spaces by translating TTP-driven intelligence into: - hunting hypotheses and scoped hunt guidance, and/or - detection recommendations (queries/rules), signal/noise expectations, and tuning guidance - Provide intelligence support during investigations/incidents and help teams connect external signals to internal telemetry and response decisions. Serve as a trusted intelligence consultant to internal and client stakeholders, helping translate threat intelligence into informed security decisions for clients. Assess the effectiveness of intelligence outputs by including feedback from detection, SOC analysts, and incident response teams. - Mentor junior analysts/consultants, improve internal processes, and help scale standardized playbooks and reporting quality. - Stay current with industry risks and trends and participate in threat sharing communities. Behaviors and Competencies - Communication: Can effectively communicate complex ideas and information to diverse audiences, facilitate effective communication between others, and mentor others in effective communication. - Relationship Building: Can take ownership of complex team initiatives, collaborate with diverse groups, and drive results through effective relationship management. - Self-Motivation: Can take ownership of complex personal or professional initiatives, collaborate with others when necessary, and drive results through self-motivation. - Negotiation: Can take ownership of complex negotiations, collaborate with others, and drive consensus. - Impact and Influence: Can rally a team or group towards a common goal, creating a positive and persuasive influence. - Business Development: Can take ownership of significant business initiatives, collaborate with various stakeholders, and drive business results. - Emotional Intelligence: Can use emotional information to guide thinking and behavior, manage and/or adjust emotions to adapt to environments or achieve one’s goal(s), and help others do the same. - Detail-Oriented: Can oversee multiple projects, maintaining a high level of detail orientation, identifying errors or inconsistencies in work, and ensuring accuracy across all tasks. - Follow-Up: Can take ownership of tasks, collaborate with others in managing follow-ups, and drive results through effective task completion. - Presenting: Can effectively use visual aids, storytelling, and persuasive techniques to enhance presentations and engage audiences. - Delegation: Can delegate responsibilities across a team, balancing workload, and ensuring all members understand their roles. - Analytical Thinking: Can use advanced analytical techniques to solve complex problems, draw insights, and communicate the solutions effectively. - Critical Thinking: Can integrate and synthesize information from various sources to inform strategic decision-making and problem-solving. - Technical Troubleshooting: Can take ownership of complex technical problems, collaborate with others to manage solutions, and drive results in problem resolution. Skill Level Requirements - Expertise in security‑relevant cyber threat intelligence collection, validation, and analysis, including identification of credential/session exposure, initial access activity, malicious infrastructure, adversary targeting, and exploitation trends — Expert - Proficiency in applying the cyber threat intelligence lifecycle (requirements definition, collection, processing, analysis, dissemination, and feedback) to deliver validated, actionable intelligence aligned to customer Priority Intelligence Requirements (PIRs) — Expert - Ability to assess, prioritize, and communicate external threats and exposures using evidence‑based analysis and industry‑accepted mitigation guidance, ensuring intelligence is actionable by SOC, IR, Detection Engineering, and Identity teams — Expert - Expert ability to translate adversary behavior, TTPs, and campaign activity into operational intelligence outputs, including high‑priority notifications, investigation pivots, detection opportunities, and threat‑informed response guidance — Expert - Experience supporting threat hunting and detection engineering efforts, including development of behavior‑first hypotheses, detection opportunity recommendations, and signal/noise considerations — Expert - Advanced analytical skills to examine, normalize, correlate, and model disparate data sets (OSINT, dark‑web sources, telemetry summaries, vulnerability data, and incident context) to draw defensible conclusions and support decision‑making — Expert - Strong proficiency in producing finished intelligence products (alerts, operational briefs, executive summaries, trend analysis, and campaign narratives) tailored to both technical and non‑technical audiences — Expert - Ability to manage and execute complex intelligence workstreams to completion, ensuring quality, timeliness, stakeholder alignment, and adherence to defined notification models and service‑level objectives — Expert - Working knowledge of common security platforms and environments (identity providers, EDR/XDR, SIEM, email security, network controls, vulnerability management) sufficient to contextualize intelligence and recommend appropriate actions — Expert Other Requirements - 6+ years experience across CTI and at least one adjacent domain (Security Operations, Incident Response, Detection Engineering, Threat Hunting, Vulnerability Management). - Experience analyzing adversary behaviors and translating TTP-based intelligence into actionable detection recommendations, hunt guidance, and hunting hypothesis. - Strong finished intelligence writing and briefing skills, with the ability for both operational and executive stakeholders. - Demonstrated ability to collaborate cross-functionally and drive actions to closure (not just produce reports). - Remote/Hybrid; travel as needed for strategic workshops, onboarding, and executive briefings. Preferred Requirements - Experience designing or operationalizing threat hunting playbooks and/or improving detection coverage based on research and incident learnings. - Familiarity with automation opportunities in intel/detection workflows. - Relevant certifications (GIAC, CISSP, etc.) or equivalent demonstrated capability. The estimated annual pay range for this position is $120,000 - $160,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending. Equal Employment Opportunity – M/F/Disability/Protected Veteran Status