May 16, 2024

Threat Hunter

Washington DC - Baltimore Metro Area

Armis is looking for a few of the very best people in their field to join our A-team of big thinkers, doers, movers, and shakers. This unique opportunity truly offers the best of all worlds—start up culture, enterprise level benefits and security, and top pay for the industry. Got your attention yet? Good, keep reading, it only gets better.

Ok, so what exactly does Armis do?

Connected assets are growing at an explosive rate, across every industry and every geo. In today’s world of smart devices and BYOD, these assets come from every direction and are found in every possible environment and industry. And they’re critical to success for every enterprise. And because every single asset represents a very real potential vulnerability, they’re also the last line of defense against today’s sophisticated cyber criminals. 

Armis gives companies of every size—across every industry and geo—complete asset visibility, contextual intelligence, and continuous security. We have partnerships and integrations with the planet’s leading tech and cybersecurity players. And we’re building an incredibly smart and diverse global team of thought-leading technologists, creative visionaries and proven game changers who are ready to take Armis to the next level.

Location: This is a remote position and we are considering candidates from any major hub in the EST/CST/MST time zones.

The Threat Hunter is an integral part of our services organization, providing expert knowledge in security best practices, security controls and advanced analysis to our customers. Knowledge of infrastructure, network principles, security standards, practices and controls, as well as adversarial tactics and techniques, is a key component of success in this role. This team member will apply their wealth of knowledge and experience to identify and investigate potential emerging threats, enable our clients to effectively respond to these threats, and provide recommendations using a risk-based methodology. This team member will assist in overall strategy, foster a collaborative team environment, and provide mentoring to junior associates.


  • Configure tools and detect patterns/outliers within client environments matching tactics, techniques or procedures (TTPs) of known threat actors, malware or other unusual or suspicious behaviors.
  • Conduct cyber hunts in support of identifying emerging threats on behalf of multiple clients, often operating as a lead investigator.
  • Provide expert analytic investigative support of large scale and complex security incidents across multiple clients and supporting their SOC team through the investigation, recommendations, response, and post mortem efforts.
  • Create detailed Incident Reports and contribute to lessons learned in collaboration with client teams.
  • Monitor multiple client environments and investigate & report on emerging threats.
  • Contribute to executive summary reports and help deliver reported findings and recommendations to client audiences.
  • Develop & document technical risk reduction recommendations in relation to findings and overall trends.
  • Suggest and maintain client policies within the Armis platform in support of monitoring and alerting use cases, focused on optimizing threat hunting service efficacy, and the client’s overall security posture improvement.
  • Support client and internal reporting & dashboarding customization efforts within the Armis platform, as required.
  • Work with internal teams on orchestration & tool based enablement and optimization of team processes supporting overall service delivery.
  • Partnering with internal Threat Research, conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations in order to identify IOCs.
  • Contribute to the documentation of simple and reusable hunt tactics and techniques for the extended and shifting team delivering threat services.
  • Help identify, provide design input, and prioritize product feature requests in support of Armis threat hunting capabilities both from the perspective of the internal service and over-arching consuming organizations.
  • Regularly engage with clients to help them truly mature and optimize their Armis deployments, primarily from a risk management and incident response perspective.
  • Establish & maintain client-specific cyber hunt & monitoring playbooks.
  • Operate as subject matter expert (SME) point of contact for clients during business hours.


  • Bachelor’s Degree in Cybersecurity related field preferred
  • 3+ years of Cybersecurity experience
  • Desired Certifications: CISSP, SANS GCTI, CCSP, GCFA, GCFE, GREM, GNFA, or OSCP Certification
  • Experience with securing and hardening IT infrastructure.
  • Experience with threat feed research: collecting, prioritizing, organizing and applying threat feeds.
  • Experience with the complete threat hunting life cycle: developing hunt hypotheses, analyzing and processing intelligence, finding triggers, investigation, response and recommendations.
  • Advanced knowledge of log analysis, PCAP analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior.
  • Demonstrated or advanced experience with computer networking and operating systems.
  • Experience with operational security, including security operations center (SOC), incident response, evidence assessments, malware analysis, or IDS and IPS analysis.
  • Knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
  • Knowledge of TTPs involved in current APT threats and exploits involving various operating systems, applications and protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix.
  • Demonstrated ability to work in a team environment both in-person and remotely
  • Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers, IT management and senior leaders.
  • Ability to both support and lead client and partner meetings and projects.
  • Software development and/or scripting experience is a plus: Python, Powershell, etc.
  • Experience applying machine learning to cybersecurity problems is a plus.

Salary range guidance for this position is: $85,000 - $130,000

The salary range listed does not include other forms of compensation or benefits (e.g. bonuses, commissions, stocks, health insurance benefits, etc.) offered to candidates. Visit our careers site for more information on benefits at Armis.

The choices you make in your career journey matter. You want to do interesting work in an important field while also having time to live your life, which is why we place so much value in your life-work balance. Armis sets you up for success with comprehensive health benefits, discretionary time off, paid holidays including monthly me days, and a highly inclusive and diverse workplace. Put your unique experiences and perspective to work in an environment where they will enable you to thrive, grow, and live your life with integrity.

Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.

Please click here to review our privacy practices.


PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Voluntary Self-Identification of Disability

Form CC-305


OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A “disabled veteran” is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Armis Security’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.