Jobs › Cyber Defense Threat Hunter
Cyber Defense Threat Hunter
Role at a glance
- Category
- GRC
- Work arrangement
- On-site
- Location
- Arlington, Virginia
- Salary range
- $85,447 to $158,322
- Posted
- Jul 7, 2026
Cybersecurity and Infrastructure Security Agency is hiring a Cyber Defense Threat Hunter in Arlington, Virginia. This is a GRC role in the governance, risk, and compliance field, with a posted range of $85,447 to $158,322. Review the full details below and apply directly with Cybersecurity and Infrastructure Security Agency.
This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one year probationary period. The official title of this position is Information Technology Cybersecurity Specialist (INFOSEC)
Full responsibilities and requirements are on Cybersecurity and Infrastructure Security Agency's application page.
Apply for this role →Location and market context
This role is based in Arlington, Virginia on-site. Local candidates benefit from being close to Cybersecurity and Infrastructure Security Agency's teams and regional hiring market. Confirm the exact in-office expectation and any relocation support with the employer.
About cybersecurity governance roles
Cybersecurity governance connects security control frameworks to business and regulatory risk, covering policy, risk assessment, and control assurance rather than hands-on operations. Roles like this one are typically evaluated against frameworks such as NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices.
How to position yourself for this cybersecurity governance role
Strong candidates emphasize security control frameworks, risk assessment, policy and standards, and translating technical security posture into governance and board-level reporting. In your resume and outreach, tie your experience to how Cybersecurity and Infrastructure Security Agency would apply NIST CSF, ISO/IEC 27001, SOC 2, and security risk and control-assurance practices, and lead with concrete outcomes rather than duties.
Similar GRC roles
More GRC jobs: All GRC roles · Browse by category & location