Cyber Threat Hunter

AHEAD

1d•$115,000 - $130,000

About The Position

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD. The Managed Security Team at AHEAD monitors client environments and performs Incident Detection, Validation, and Reporting. We are seeking a highly skilled Cybersecurity Threat Hunter to proactively identify, investigate, and work with clients to mitigate advanced threats within their environments. This role focuses on detecting adversary activity that evades traditional security controls by leveraging hypothesis-driven investigations, advanced analytics, and deep technical expertise. We are looking for a candidate who has SIEM, SOAR, EDR, and Vulnerability Assessment experience and can work closely with AHEAD Managed Security Clients, Client Success Managers, as well as Detection & Response, and Security Engineering teams to continuously improve and enhance AHEADâs Managed Security Threat Hunting capabilities.

Requirements

Bachelorâs degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.
3â7+ years of experience in cybersecurity, with hands-on experience in threat hunting, incident response, or SOC operations.
Strong understanding of operating systems (Windows, Linux, macOS), networking concepts, and common enterprise architectures.
Threat intelligence analysis experience and integration into hunting workflows.
Proficiency with SIEM platforms and query languages (e.g., SQL, Splunk SPL, Elastic KQL, ESQL).
Experience with EDR/XDR tools (e.g., Elastic Defend, Microsoft Defender, CrowdStrike, SentinelOne).
Experience with cloud platforms and security tooling (AWS, Azure, GCP).
Solid knowledge of attacker techniques, malware behavior, and persistence mechanisms.
Ability to analyze large datasets and identify subtle patterns of malicious activity.
Strong scripting or programming skills (e.g., Python, PowerShell, Bash).
Customer service focused and portrays energy, professionalism and welcoming characteristics.

Nice To Haves

Security certifications such as GCTI, GCED, GCIH, GCIA, GCED, OSCP, or CISSP.
Familiarity with digital forensics and memory analysis tools.
Experience automating detection and response workflows.
Published research, analysis, or articles.

Responsibilities

Develop and execute threat-hunting hypotheses based on adversary tactics, techniques, and procedures (TTPs), leveraging frameworks such as MITRE ATT&CK.
Engage with Client Security & IT infrastructure and internal AHEAD Managed Security teams to proactively hunt for advanced threats, suspicious behavior, and indicators of compromise (IOCs) across endpoints, networks, cloud, and identity systems.
Analyze data from SIEM, EDR/XDR, NDR, cloud security tools, and logs to uncover stealthy or unknown threats.
Conduct deep-dive investigations to determine root cause, scope, and impact of identified threats.
Collaborate with incident response teams to contain, eradicate, and remediate confirmed threats.
Create and refine detection logic, queries, dashboards, and alerts to enhance ongoing monitoring.
Stay current on emerging threats, attack techniques, and vulnerabilities, and translate intelligence into actionable hunts.
Document findings, develop reports, and communicate results to technical and non-technical stakeholders.
Collaborate with managed security peers to contribute to continuous improvement of threat detection and response processes.