Job Description: Key Responsibilities
- Proactively hunt for advanced persistent threats (APTs), zero-day exploits, and other sophisticated attacker activity across the enterprise environment.
- Continuously monitor and analyze threat actor activity, tracking their Tactics, Techniques, and Procedures (TTPs) and associated Indicators of Compromise (IOCs) using frameworks like MITRE ATT&CK.
- Manage the full intelligence lifecycle by gathering and processing raw data from diverse sources, including internal logs, commercial threat feeds, open-source intelligence (OSINT), and dark web forums.
- Triage, filter, and analyze large datasets to correlate activity, establish context, and produce timely, accurate, and actionable intelligence.
- Disseminate critical intelligence reports, threat briefs, and situational awareness reports to diverse audiences, from technical SOC analysts to CISOs and executive stakeholders.
- Produce and maintain executive-level dashboards that clearly communicate the threat landscape, risk posture, and operational effectiveness.
- Partner with SIEM and SOAR engineering teams to refine and automate threat detection and response workflows, and to review threat briefs, validate hypotheses, and continuously improve detection logic.
- Meticulously document all analytic content, detection logic, core assumptions, and tuning parameters to ensure transparency and maintainability.
Required Skills and Experience
- Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field.
- 6+ years of experience in cybersecurity, with a demonstrated history as L3 in Cyber Threat Intelligence and/or actionable threat hunting.
- Expert-level understanding of threat actor TTPs, APT groups, the cyber kill chain, and the MITRE ATT&CK framework.
- Proven experience in hypothesis-driven threat hunting for advanced adversaries in complex enterprise networks.
- Experience with Threat Intelligence Platforms like Anomali or MISP.
- Strong data analysis skills with experience processing raw logs (e.g., endpoint, network, proxy) and multiple intelligence feeds (OSINT, commercial, dark web).
- Hands-on experience with SIEM/SOAR platforms (e.g., Sentinel) for detection logic, analysis, and automation.
- Ability to develop and deliver regular, metric-driven reports on threat hunting activities, key findings, and emerging trends.
- Excellent communication skills with the ability to produce high-quality, executive-level reports and brief the leadership.