Company Overview
WINTrio LLC (WINTrio) is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. We collaborate closely with federal and commercial clients to solve complex technical challenges by delivering innovative, agile, and cost-effective solutions. Our team is empowered to think creatively and deliver impactful results that drive measurable value.
Role: SOC Tier III Analyst / Threat Hunter
Location: Remote
Client: Long-term Federal/Public Sector
Work Authorization: US Citizen or Green Card preferred; must be able to pass federal background and suitability requirements.
Job Summary:
As a SOC Tier III Analyst / Threat Hunter, you will handle complex incident investigations, proactive threat hunting, detection validation, advanced adversary behavior analysis, and purple team support for a federal vSOC program. This role requires expert-level KQL, Microsoft Sentinel, Defender XDR, MITRE ATT&CK, and incident response experience.
Key Responsibilities:
• Lead complex incident investigations and support high-severity escalations.
• Conduct monthly proactive threat hunting across identity, endpoint, cloud, network, email, GitHub, SQL, and backup telemetry.
• Develop and refine hunting hypotheses aligned to MITRE ATT&CK.
• Build and tune advanced KQL queries, detection logic, analytics rules, and workbooks.
• Support purple team exercises and adversary simulation validation.
• Identify gaps in detection coverage and recommend new use cases.
• Support forensic triage, root cause analysis, containment recommendations, and recovery validation.
• Provide technical mentorship to Tier I and Tier II analysts.
• Produce threat hunting reports, detection improvement recommendations, and executive summaries.
Required Qualifications:
• Bachelor’s degree in Cybersecurity, Computer Science, Digital Forensics, Information Technology, or related field.
• 8+ years of cybersecurity operations, threat hunting, detection engineering, incident response, or digital forensics experience.
• Advanced hands-on experience with Microsoft Sentinel, KQL, Defender XDR, and threat hunting.
• Strong understanding of attacker tactics, techniques, and procedures.
• Experience supporting regulated or federal environments with CUI, PII, PHI, FTI, or sensitive data.
• Experience writing incident reports, RCA reports, threat hunt reports, and detection engineering recommendations.
Tools and Preferred Qualifications:
• Microsoft Sentinel, Defender XDR, MDE, MDI, Entra ID, Azure Log Analytics.
• AWS CloudTrail, VPC Flow Logs, GitHub security logs, SQL Server audit logs.
• MITRE ATT&CK, NIST SP 800-61, NIST SP 800-53, Zero Trust.
• Certifications preferred: GCIH, GCIA, GCFA, GNFA, CISSP, CEH, SC-200, AZ-500, AWS Security Specialty.
Benefits
• Medical, Dental, and Vision Insurance
• FSA & HSA options
• 401(k) Retirement Plan
• Annual Bonus & Profit Sharing
• Paid Time Off (PTO) & Vacation
• Employee Assistance Program (EAP)
• Life & Disability Insurance
Why Join WINTrio?
WINTrio is a people-first, employee-driven organization. We offer opportunities to grow across emerging technologies, program management, and business development while working on high-impact federal initiatives.
Equal Opportunity Employer
WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, gender identity, national origin, age, veteran status, or disability.