Cyber Threat Hunter

Conduent
Remote

About The Position

The Cyber Threat Hunter will be responsible for proactively identifying, analyzing, and disrupting advanced threats within the organization’s enterprise and cloud environments. This role focuses on hypothesis‑driven hunting, detection engineering, and intelligence‑led investigations to uncover adversary activity that has evaded traditional security controls. As an offshore team member, this role will operate in close coordination with onshore Cyber Ops, SOC, Incident Response, and Security Engineering teams, providing continuous threat coverage and analytical depth across global time zones.

Requirements

  • 3+ years of experience in cybersecurity operations, with hands-on experience in threat hunting.
  • Strong understanding of adversary behaviors, attack chains, and common tactics across endpoint, network, identity, and cloud environments.
  • Experience working with SIEM/XDR platforms, log analysis, and security telemetry at scale.
  • Familiarity with threat intelligence lifecycle and MITRE ATT&CK framework.
  • Strong analytical, investigative, and documentation skills.
  • Ability to work independently in an offshore model and collaborate effectively with global teams across time zones.

Nice To Haves

  • Hands-on experience using Palo Alto Cortex XSIAM for threat hunting, detection engineering, investigation workflows, and alert tuning.
  • Experience developing and operationalizing XSIAM analytics, queries, and investigation playbooks across endpoint, identity, cloud, and network telemetry.
  • Strong experience hunting and investigating threats in Microsoft Azure environments, including Entra ID (Azure AD), Azure IaaS/PaaS workloads, and cloud identity logs.
  • Familiarity with Azure security telemetry (Sign-In Logs, Audit Logs, Defender for Cloud/Endpoint, Azure Activity Logs).
  • Experience correlating cloud, endpoint, and identity signals to detect credential abuse, privilege escalation, lateral movement, and persistence techniques.
  • Scripting and automation experience using Python, KQL, PowerShell, or Bash to support hunting, enrichment, and reporting.
  • Exposure to malware analysis, OSINT, or threat intelligence platforms (TIPs) to inform hunt hypotheses and detections.
  • Preferred certifications: GCED, GCIA, GCIH, OSCP, GPEN, GWAPT, Security+, CySA+, or equivalent industry certifications.

Responsibilities

  • Conduct proactive, hypothesis‑based threat hunts across endpoint, network, identity, cloud, and SaaS telemetry to identify unknown or emerging threats.
  • Leverage MITRE ATT&CK to design and execute hunt scenarios aligned to known adversary tradecraft.
  • Identify stealthy behaviors such as living‑off‑the‑land techniques, credential abuse, lateral movement, and command‑and‑control activity.
  • Develop and refine detection logic, analytics, and queries within SIEM/XDR platforms (e.g., Cortex XSIAM or equivalent).
  • Perform deep‑dive investigations and escalate confirmed threat activity with clear evidence and recommendations.
  • Partner with Incident Response teams during active incidents to provide threat context, scoping, and root cause analysis.
  • Validate and tune alerts to reduce false positives while improving detection efficacy.
  • Correlate internal telemetry with threat intelligence feeds to identify active campaigns, exploited vulnerabilities, and adversary infrastructure.
  • Track emerging threat actor techniques, malware families, and attack trends relevant to the organization’s industry.
  • Translate intelligence into actionable hunts, detections, and defensive recommendations.
  • Contribute to the development of threat hunting playbooks, standard operating procedures, and the team's knowledge repository.
  • Support continuous improvement of the threat hunting program through metrics such as hunt coverage, quality of findings, and identification of cyber posture enhancements.
  • Produce clear, concise reports for both technical and non‑technical stakeholders.