Threat Hunting Intern

Hunter Strategy
Remote

About The Position

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

What We Offer

  • Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets
  • Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises
  • Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters
  • Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

The Role

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.

Requirements

  • Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work
  • Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community
  • Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place
  • Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation
  • Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage
  • Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level
  • Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners
  • Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work
  • Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early

Nice To Haves

  • Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Responsibilities

  • Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process
  • Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses
  • Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress
  • Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly
  • Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers
  • Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity
  • Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns
  • Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters
  • Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts
  • Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

What This Job Offers

Career Level

Intern

Education Level

No Education Listed

Number of Employees

11-50 employees
