PCCW

Senior Security Specialist

PCCW  •  Hong Kong, HK (Onsite)  •  1 month ago

Job Description

We are looking for a proactive and inquisitive Threat Hunting Analyst to join our security operations team. Unlike traditional SOC roles that wait for alerts, you will proactively search for indicators of compromise (IOCs) and adversarial tactics, techniques, and procedures (TTPs) across our enterprise. You will assume that adversaries are already inside the network and work to detect them before they achieve their objectives.

Key Responsibilities

  • Hypothesis-Driven Hunting: Develop and execute threat hunting hypotheses based on the MITRE ATT&CK framework, intelligence reports, and emerging industry trends.
  • Data Analysis: Leverage EDR, NDR, SIEM, and network telemetry (NetFlow, Proxy, DNS) to analyze large datasets and identify anomalous behavior and hidden threats.
  • Detection Engineering: Translate findings into high-fidelity detection logic (rules, analytics) to automate the identification of adversary behavior for the SOC.
  • Incident Response: Investigate potential intrusions identified during hunts; contain threats and assist in remediation efforts.
  • Threat Intelligence Integration: Correlate internal telemetry with external threat intelligence (CTI) to prioritize hunting activities against relevant threat actors (ransomware groups, APTs, etc.).
  • Process Improvement: Identify gaps in logging, visibility, and tooling; recommend improvements to enhance detection and response capabilities.
  • Documentation: Maintain clear documentation of hunting procedures, methodologies, and post-hunt reports for stakeholders.

Key Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • Experience: 3+ years in information security, with at least 2 years focused on Threat Hunting, Incident Response, or advanced SOC analysis.
  • EDR Proficiency: Deep experience with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black). Ability to query raw telemetry (KQL, OSCAR, or similar).
  • SIEM & Data Analysis: Expert-level proficiency in SIEM query languages (SPL for Splunk, KQL for Microsoft Sentinel, or SQL). Ability to script in Python, PowerShell, or Bash for automation and data enrichment.
  • Operating Systems: Deep understanding of Windows, Linux, and macOS internals (processes, registry, file system, memory, scheduled tasks, WMI, and persistence mechanisms).
  • Network Analysis: Strong understanding of network protocols (HTTP/S, DNS, SMB), proxy logs, and packet analysis (Wireshark).
  • Frameworks: Mastery of the MITRE ATT&CK framework and Cyber Kill Chain.
  • Reverse Engineering (Bonus): Basic familiarity with malware analysis sandboxes (e.g., Joe Sandbox, Any.Run) to understand binary behavior during hunts.
  • Analytical Thinking: Ability to distinguish between false positives and true malicious activity with limited information.
  • Communication: Ability to articulate complex technical findings to non-technical stakeholders and write clear, concise reports.
  • Collaboration: Willingness to mentor junior SOC analysts and share hunting methodologies with the team.

Preferred Certifications:

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Threat Hunter (GCTH)
  • Certified Information Systems Security Professional (CISSP)
  • Relevant vendor certifications (e.g., Splunk Power User, Azure Security Engineer)

About PCCW

PCCW Limited is a global company headquartered in Hong Kong which holds interests in telecommunications, media, IT solutions, property development and investment, and other businesses.

The Company holds a majority stake in the HKT Trust and HKT Limited*, Hong Kong’s premier telecommunications service provider and leading operator of fixed-line, broadband, mobile communication and media entertainment services. HKT delivers end-to-end integrated solutions employing emerging technologies to assist enterprises in transforming their businesses. HKT has also built a digital ecosystem integrating its loyalty programme, e-commerce, travel, insurance, fintech and healthtech services to deepen its relationship with customers.

PCCW owns a fully integrated multimedia and entertainment group in Hong Kong engaged in the provision of OTT video service locally and in other places in the region. Through HK Television Entertainment Company Limited, PCCW also operates a domestic free TV service in Hong Kong.

In addition, PCCW holds a stake in Pacific Century Premium Developments Limited and other overseas investments.

PCCW is part of Pacific Century Group, named by Forbes as one of the World's Best Employers 2023.

*HKT Limited is a company incorporated in the Cayman Islands with limited liability.

Listing and trading

PCCW shares are listed on The Stock Exchange of Hong Kong Limited (SEHK: 0008) and traded in the form of American Depositary Receipts on the OTC Markets Group Inc. in the US (Ticker: PCCWY).

Industry: IT & Software
Company Size: 1,001-5,000 employees
Headquarters: Hong Kong, HK
Year Founded: Unknown
Website: pccw.com