- CISA is planning a $100 million cyber operations contract supporting threat-hunting missions
- The requirement will provide technical and operational support for the agency’s Office of Threat Hunting
- The scope includes incident response, cybersecurity engineering and security operations capabilities
The Cybersecurity and Infrastructure Security Agency has announced plans to launch a competition for a contract valued at more than $100 million to support its cybersecurity division’s operations, including incident response and threat-hunting.
According to an updated entry in the Department of Homeland Security’s Acquisition Planning Forecast System, CISA expects to compete the Cyber Technology Services requirement through the General Services Administration Schedule contract vehicle, with an anticipated award in the fourth quarter of fiscal year 2027.
CISA leads the national effort to understand, manage, and reduce cyber and physical risks to critical infrastructure. Its cyber operations priorities and technology requirements will be among the topics discussed at the Potomac Officers Club’s 2026 Homeland Security Summit on Nov. 12. Register now to join the conversation with top government and industry leaders.
What Is the Cyber Technology Services Requirement?
The planned contract will support the Cybersecurity Division’s Office of Threat Hunting and provide services supporting information technology architecture, software development, security operations, and operations and maintenance activities.
CISA said the contractor will help sustain government operational networks, cybersecurity tools and supporting technologies used for incident response and proactive cyber hunting missions.
The forecast identifies Arlington, Virginia, as the primary work location.
What Work Will the Contractor Perform?
A draft performance work statement posted on SAM.gov on May 22 for CTS mirrors the DHS forecast. The PWS outlines support across eight task areas, including program management, IT architecture and innovation services, engineering and development operations, data management and analytics, systems sustainment, security operations, laboratory support, and service desk functions.
It stated that the contractor will support development, deployment and maintenance of cybersecurity technologies while helping operate and secure networks used by the Office of Threat Hunting. Responsibilities include vulnerability management, security assessments, cloud engineering, DevSecOps implementation, continuous monitoring and software development support.
The PWS also calls for support to CISA’s malware analysis laboratory, security operations center activities and industrial control systems testing environments used to evaluate cyberthreats and improve operational readiness.
What Other Cyber Procurements Is CISA Pursuing?
The CTS opportunity follows several recent cybersecurity acquisition initiatives within DHS and CISA.
Earlier this year, DHS issued a request for information for the Network, Cloud and Cyber Services 2.0 initiative, which seeks contractor support for Network Operations and Security Center facilities responsible for monitoring and protecting department networks.
In 2025, CISA disclosed plans to compete a cybersecurity threat intelligence platform blanket purchase agreement intended to support enterprise threat intelligence operations and sustainment activities.
