Staff Security Specialist, Threat Hunter

As a Cyber Threat Hunter with a focus on Cyber Threat Intelligence (CTI), you will play a critical, proactive role in safeguarding our organization from advanced threats that evade traditional security defenses. You will bridge the gap between reactive incident response and preventative security engineering, using intelligence-driven methodologies to hunt down adversaries in our environment before they can cause harm. Your mission is to: Proactively Hunt: Execute hypothesis-driven threat hunts across the network, endpoints, and cloud environments to uncover hidden, anomalous, or malicious activity that could bypass controls Leverage Intelligence: Integrate Cyber Threat Intelligence (CTI) from tactical, operational, and strategic sources to inform hunting hypotheses, prioritize investigations, and enrich security tooling Support Incident Response: Collaborate on threat intelligence driven incidents by providing hunting and CTI enrichment support Improve Posture: Prioritize vulnerabilities and security gaps based on threat actor exploitation trends identified via CTI and hunting campaigns, directly feeding into the vulnerability management and security engineering programs Advance Detection: Coordinate with detection engineers to develop new detections, composite rules, and dashboards based on discovered threat Tactics, Techniques, and Procedures (TTPs) to enhance the security team's overall capability TIP and SIEM Enrichment: Lead the lifecycle of threat intelligence within the Threat Intelligence Platform (TIP), ensuring timely maintenance, accurate expiration policies, reduction in false positive rates, and continuous enrichment of Indicators of Compromise (IOCs) and TTPs to improve contextualization and prioritization of alerts in the Security and Information Event Management (SIEM) External Threat Monitoring: Maintain continuous tracking and monitoring of external threat surfaces, including dark web forums, leak sites, and underground marketplaces, focusing on brand protection, supply chain risks, and the identification of organizational asset management risks The day-to-day A typical day involves a blend of deep investigation, collaboration, and continuous learning: Review the latest threat intelligence reports, internal alerts, and ongoing investigations. Prioritize the day's hunting campaigns based on the most relevant and high-impact threats Spend significant time querying and analyzing large datasets from SIEM, Endpoint Detection and Response (EDR), network logs, and cloud telemetry, searching for patterns and anomalies that confirm or deny a threat intelligence hypothesis Conduct in-depth analysis on potential IOCs, which may include correlating data from disparate sources Work directly with the Incident Response team to transition a confirmed threat into a full-scale incident, providing critical context on the threat actor, their motives, and their activities Participate in and contribute to relevant threat intelligence working groups, consuming information from partners to rapidly shift and focus hunting efforts on the most immediate and relevant threats to our sectors Regularly review and update intelligence feeds and context within the TIP and SIEM to keep alerting rules efficient. This reduces false positive alerts and improves detection based on gathered information Document and communicate findings clearly to both technical and non-technical stakeholders, detailing the threat, its potential impact, and actionable remediation steps