About the Role
The Threat Intelligence & Hunting Analyst is the most senior individual contributor in the SOC, responsible for proactively identifying adversary activity that automated detections miss. Because our clients span multiple industries and threat landscapes, this role requires the ability to translate external intelligence into client-specific hunts and durable detections. The Analyst acts as the final technical escalation for complex incidents and drives the practice’s threat research and thought-leadership agenda.
Key Responsibilities
- Conduct structured, hypothesis-driven threat hunts across client environments using Microsoft Sentinel and Defender XDR Advanced Hunting.
- Operate the end-to-end threat intelligence lifecycle (collection, processing, analysis, and dissemination) for strategic, tactical, and operational consumers.
- Produce sector-specific and client-tailored threat intelligence briefings, including monthly reports and ad-hoc advisories.
- Curate and enrich IOC and IOA feeds using MISP, TAXII / STIX 2.1 feeds, and commercial threat intelligence platforms.
- Convert successful hunts into durable analytics rules, Sigma content, and reusable detection templates for the wider SOC.
- Lead purple team and adversary emulation exercises (Atomic Red Team, Caldera) and translate the findings into detection improvements.
- Act as the final technical escalation point for complex incidents such as APT activity, ransomware, and insider threats.
- Perform malware triage and dynamic analysis using sandbox platforms, with the ability to extract indicators for hunting and detection.
- Monitor dark web, OSINT, and underground forums for client exposure and emerging campaigns relevant to the portfolio.
- Mentor L2 and L3 analysts on advanced investigation techniques and contribute to internal training and thought-leadership content.
Requirements
- 3 or more years of experience in security operations, with at least 2 years in a dedicated threat hunting or cyber threat intelligence role.
- Expert-level KQL, including experience with joins, time-series, anomaly detection, and advanced operators.
- Deep working knowledge of the MITRE ATT&CK framework and familiarity with D3FEND.
- Proven experience running hypothesis-driven hunts and producing client-ready intelligence reports.
- Hands-on experience with threat intelligence platforms, MISP, TAXII / STIX feeds, and IOC management.
- Familiarity with malware triage, sandbox analysis, and reverse-engineering fundamentals.
- Microsoft SC-200 is required; GCTI, GCFA, GCIH, CREST CTIA, or OSCP are strong advantages.
- Published research, CVE credits, or conference talks are a significant plus and demonstrate community contribution.
Pay: From ₹50,000.00 per month
Benefits:
Work Location: In person