Sr. Threat Hunter

SentinelOne
Salary: $104,000 - $130,000

About The Position

At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats. From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you.

We’re seeking an experienced threat hunter to deliver SentinelOne’s proactive threat hunting services to our Threat Hunting clients (including FedRAMP-authorized environments). You’ll build and maintain a high-quality library of hunts and rules across Windows, macOS, and Linux, with a strong emphasis on EDR telemetry (bonus if you know SentinelOne deeply). You’ll partner closely with MDR, Incident Response, Labs, and Detection Engineering to respond to emerging threats, convert research into actionable hunts, and communicate clearly with clients.

Requirements

  • 5+ years in security operations and/or adjacent disciplines (threat hunting, incident response, DFIR, malware analysis, SOC, or penetration testing).
  • 2+ years hands-on, hypothesis-driven threat hunting with measurable outcomes in EDR-centric environments.
  • Strong familiarity with EDR telemetry (process, file, network, persistence)—SentinelOne experience is a plus.
  • Proficiency with Python and Git/GitHub workflows (branches, PRs, code review); ability to turn hunt logic into robust, reusable code.
  • Broad OS internals knowledge across Windows, Linux, and macOS.
  • Applied CTI skills: consume and operationalize IOCs/TTPs; track actors/campaigns; pivot with OSINT to enrich hunts.
  • Experience collaborating with cross-functional teams (MDR, IR, Labs, Detection Engineering) to cycle from research → hunt → detection → outcome.
  • Clear, concise writing and reporting for client-facing communications (advisories, AARs, executive summaries), and comfort presenting technical analysis directly to clients when necessary.
  • Familiarity with MITRE ATT&CK and mapping hunts to relevant techniques.
  • U.S. citizenship required due to FedRAMP program requirements.

Responsibilities

  • Design, implement, and continuously improve a structured library of hypothesis-driven hunts and reusable rules aligned with the ATT&CK framework.
  • Execute proactive hunts across diverse telemetry (primarily EDR) to uncover malicious activity such as living-off-the-land techniques and stealthy persistence.
  • Carry out all threat hunting activities in controlled FedRAMP environments.
  • Translate findings into repeatable playbooks, automations, and platform-ready detections where applicable.
  • Triage emerging threats (e.g., zero-days) and assess potential exposure.
  • Build focused hunts and detections mapped to relevant TTPs, with clear rationale and validation steps.
  • Produce concise, actionable client advisories explaining the scope and potential impact of the emerging threat, recommended mitigations, and the steps being taken by SentinelOne to protect our customers.
  • Partner with Detection Engineering, MDR, Labs, and CTI to evaluate and tune rules for fidelity and coverage.
  • Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and when appropriate convert those into platform detections.

Benefits

  • Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
  • Unlimited PTO
  • Industry-leading gender-neutral parental leave
  • Paid Company Holidays
  • Paid Sick Time
  • Employee stock purchase program
  • Disability and life insurance
  • Employee assistance program
  • Gym membership reimbursement
  • Cell phone reimbursement

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc