Threat Hunter

SentinelOne
$84,000 - $110,000

About The Position

At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here.

SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters. Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity.

We’re looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.

As an experienced threat hunter, you will be tasked with delivering SentinelOne’s proactive threat hunting services to our Threat Hunting clients (including FedRAMP-authorized environments). You’ll build and maintain a high-quality library of hunts and rules across Windows, macOS, and Linux, with a strong emphasis on EDR telemetry. You’ll partner closely with MDR, Incident Response, Labs, and Detection Engineering to respond to emerging threats, convert research into actionable hunts, and communicate clearly with clients.

Requirements

  • 3+ years in security operations and/or adjacent disciplines (threat hunting, incident response, DFIR, malware analysis, SOC, or penetration testing).
  • Strong familiarity with EDR telemetry (process, file, network, persistence).
  • Proficiency with Python and Git/GitHub workflows (branches, PRs, code review); ability to turn hunt logic into robust, reusable code.
  • Broad OS internals knowledge across Windows, Linux, and macOS.
  • Applied CTI skills: consume and operationalize IOCs/TTPs; track actors/campaigns; pivot with OSINT to enrich hunts.
  • Experience collaborating with cross-functional teams (MDR, IR, Labs, Detection Engineering) to cycle from research to hunt to detection to outcome.
  • Clear, concise writing and reporting for client-facing communications (advisories, AARs, executive summaries), and comfort presenting technical analysis directly to clients when necessary.
  • Familiarity with MITRE ATT&CK and mapping hunts to relevant techniques.
  • U.S. citizenship required due to FedRAMP program requirements.

Nice To Haves

  • EDR telemetry (bonus if you know SentinelOne deeply)
  • SentinelOne experience is a plus

Responsibilities

  • Design, implement, and continuously improve a structured library of hypothesis-driven hunts and reusable rules aligned with the ATT&CK framework.
  • Execute proactive hunts across diverse telemetry (primarily EDR) to uncover malicious activity such as living-off-the-land techniques and stealthy persistence.
  • Carry out all threat hunting activities in controlled FedRAMP environments.
  • Translate findings into repeatable playbooks, automations, and platform-ready detections where applicable.
  • Triage emerging threats (e.g. zero-days) and assess potential exposure.
  • Build focused hunts and detections mapped to relevant TTPs, with clear rationale and validation steps.
  • Produce concise, actionable client advisories explaining scope and potential impact of the emerging threat, recommended mitigations, and the steps being taken by SentinelOne to protect our customers.
  • Partner with Detection Engineering, MDR, Labs, and CTI to evaluate and tune rules for fidelity and coverage.
  • Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and when appropriate convert those into platform detections.

Benefits

  • Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
  • Unlimited PTO
  • Leading Total Rewards including Restricted Stock Program
  • 16 weeks of gender-neutral parental leave
  • Paid company holidays and sick time
  • Flexible working hours
  • Employee stock purchase program
  • Disability and life insurance
  • Employee assistance program
  • Gym membership reimbursement
  • Internet/Mobile allowance
  • Learning & development at every level for every function
  • Opportunity to strengthen communities globally through our S Foundation