🌎
This job posting isn't available in all website languages
📁
Consultant-IT
📅
261232 Requisition #

Position Overview

We are seeking a highly analytical, proactive, and technically skilled Threat Hunting Analyst to join our Cyber Security team. In this role, the candidate will move beyond reactive alert monitoring to actively track down hidden adversaries, advanced persistent threats (APTs), and several other techniques within the enterprise footprint and infrastructure.

The ideal candidate will perform structured, hypothesis-driven threat hunting campaigns utilizing our core enterprise security stack, specifically in SIEM/ EDR and Threat intelligence. This individual must possess deep tactical knowledge of adversary behaviors, exceptional log decoding capabilities and a baseline skill set in detection engineering to convert hunting discoveries into permanent, high-fidelity security alerts.

Key Responsibilities

  • Proactive Threat Hunting: Design, formulate and execute structured, hypothesis-driven threat hunting campaigns across but not limited to endpoints, identity providers, network telemetry and cloud environments.

  • Hypothesis Generation & Scenario Modeling: Develop testable, environment-specific hunting hypotheses from scratch by translating threat intelligence briefs and known attacker behaviors into targeted queries, focusing on uncovering anomalies rather than relying on static alerts.

  • Adversary Mapping: Look beyond standard SIEM/XDR alerts to uncover stealthy or zero-day malicious activities, mapping all discoveries directly to the MITRE ATT&CK framework to identify visibility gaps.

  • Advanced Query Engineering: Author, tune and optimize custom detection rules and complex threat hunting queries using YARA-L 2.0 and Google SecOps Universal Data Model (UDM) search.

  • Endpoint Telemetry Deep-Dives: Utilize Query Languages and Advanced Event Search within XDR to decode raw endpoint telemetry and reconstruct host timelines during active investigations.

  • Threat Intelligence Enrichment: Leverage Threat Intelligence to dynamically enrich host investigations, validate malware behavior, and pivot from standalone Indicators of Compromise (IOCs/IOAs) into broader attacker infrastructure. Consume and analyze tactical/strategic threat intelligence to understand the latest Tactics, Techniques, and Procedures (TTPs) of relevant threat actors.

Position Overview

We are seeking a highly analytical, proactive, and technically skilled Threat Hunting Analyst to join our Cyber Security team. In this role, the candidate will move beyond reactive alert monitoring to actively track down hidden adversaries, advanced persistent threats (APTs), and several other techniques within the enterprise footprint and infrastructure.

The ideal candidate will perform structured, hypothesis-driven threat hunting campaigns utilizing our core enterprise security stack, specifically in SIEM/ EDR and Threat intelligence. This individual must possess deep tactical knowledge of adversary behaviors, exceptional log decoding capabilities and a baseline skill set in detection engineering to convert hunting discoveries into permanent, high-fidelity security alerts.

Key Responsibilities

  • Proactive Threat Hunting: Design, formulate and execute structured, hypothesis-driven threat hunting campaigns across but not limited to endpoints, identity providers, network telemetry and cloud environments.

  • Hypothesis Generation & Scenario Modeling: Develop testable, environment-specific hunting hypotheses from scratch by translating threat intelligence briefs and known attacker behaviors into targeted queries, focusing on uncovering anomalies rather than relying on static alerts.

  • Adversary Mapping: Look beyond standard SIEM/XDR alerts to uncover stealthy or zero-day malicious activities, mapping all discoveries directly to the MITRE ATT&CK framework to identify visibility gaps.

  • Advanced Query Engineering: Author, tune and optimize custom detection rules and complex threat hunting queries using YARA-L 2.0 and Google SecOps Universal Data Model (UDM) search.

  • Endpoint Telemetry Deep-Dives: Utilize Query Languages and Advanced Event Search within XDR to decode raw endpoint telemetry and reconstruct host timelines during active investigations.

  • Threat Intelligence Enrichment: Leverage Threat Intelligence to dynamically enrich host investigations, validate malware behavior, and pivot from standalone Indicators of Compromise (IOCs/IOAs) into broader attacker infrastructure. Consume and analyze tactical/strategic threat intelligence to understand the latest Tactics, Techniques, and Procedures (TTPs) of relevant threat actors.

Previous Job Searches