
Cyber Threat Hunter
Posted Jun 3

This is a fully remote position, open to applicants in India.
• Execute proactive, hypothesis-driven threat hunts across endpoint, network, identity, cloud, and SaaS telemetry to uncover unknown or emerging threats.
• Utilize the MITRE ATT&CK framework to design and implement hunt scenarios that align with established adversary tradecraft.
• Detect stealthy behaviors, including living-off-the-land techniques, credential abuse, lateral movement, and command-and-control activities.
• Create and enhance detection logic, analytics, and queries within SIEM/XDR platforms (such as Cortex XSIAM or equivalent).
• Conduct in-depth investigations and escalate confirmed threat activities with clear evidence and actionable recommendations.
• Collaborate with Incident Response teams during active incidents to provide context on threats, scoping, and root cause analysis.
• Validate and fine-tune alerts to minimize false positives while enhancing detection effectiveness.
• Correlate internal telemetry with threat intelligence feeds to pinpoint active campaigns, exploited vulnerabilities, and adversary infrastructure.
• Monitor emerging threat actor techniques, malware families, and attack trends pertinent to the organization's industry.
• Convert intelligence into practical hunts, detections, and defensive recommendations.
• Assist in the creation of threat hunting playbooks, standard operating procedures, and a general knowledge repository.
• Promote the ongoing enhancement of the threat hunting program through metrics such as hunt coverage, quality of findings, and identification of cyber posture improvements.
• Generate clear and concise reports for both technical and non-technical stakeholders.
• A minimum of 3 years of experience in cybersecurity operations, with hands-on expertise in threat hunting.
• Comprehensive understanding of adversary behaviors, attack chains, and common tactics across endpoint, network, identity, and cloud environments.
• Experience with SIEM/XDR platforms, log analysis, and security telemetry at scale.
• Familiarity with the threat intelligence lifecycle and the MITRE ATT&CK framework.
• Strong analytical, investigative, and documentation abilities.
• Capability to work independently in an offshore model while effectively collaborating with global teams across different time zones.
• Hands-on experience utilizing Palo Alto Cortex XSIAM for threat hunting, detection engineering, investigation workflows, and alert tuning.
• Experience in developing and operationalizing XSIAM analytics, queries, and investigation playbooks across endpoint, identity, cloud, and network telemetry.
• Extensive experience in hunting and investigating threats within Microsoft Azure environments, including Entra ID (Azure AD), Azure IaaS/PaaS workloads, and cloud identity logs.
• Familiarity with Azure security telemetry (Sign-In Logs, Audit Logs, Defender for Cloud/Endpoint, Azure Activity Logs).
• Experience in correlating cloud, endpoint, and identity signals to identify credential abuse, privilege escalation, lateral movement, and persistence techniques.
• Proficiency in scripting and automation using Python, KQL, PowerShell, or Bash to support hunting, enrichment, and reporting tasks.
• Exposure to malware analysis, OSINT, or threat intelligence platforms (TIPs) to guide hunt hypotheses and detections.
• Preferred Certifications:
  • GCED, GCIA, or GCIH
  • OSCP, GPEN, or GWAPT
  • Security+, CySA+, or equivalent industry certifications
• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Remote work options