Cyber Threat Hunter
Job Summary
The Cyber Threat Hunter will be responsible for proactively identifying analyzing and disrupting advanced threats within the organizations enterprise and cloud environments. This role focuses on hypothesisdriven hunting detection engineering and intelligenceled investigations to uncover adversary activity that has evaded traditional security controls.
As an offshore team member this role will operate in close coordination with onshore Cyber Ops SOC Incident Response and Security Engineering teams providing continuous threat coverage and analytical depth across global time zones.
Key Responsibilities:
Threat Hunting & Detection
- Conduct proactive hypothesisbased threat hunts across endpoint network identity cloud and SaaS telemetry to identify unknown or emerging threats.
- Leverage MITRE ATT&CK to design and execute hunt scenarios aligned to known adversary tradecraft.
- Identify stealthy behaviors such as livingofftheland techniques credential abuse lateral movement and commandandcontrol activity.
- Develop and refine detection logic analytics and queries within SIEM/XDR platforms (e.g. Cortex XSIAM or equivalent).
Investigation & Response Support
- Perform deepdive investigations and escalate confirmed threat activity with clear evidence and recommendations.
- Partner with Incident Response teams during active incidents to provide threat context scoping and root cause analysis.
- Validate and tune alerts to reduce false positives while improving detection efficacy.
Threat Intelligence Integration
- Correlate internal telemetry with threat intelligence feeds to identify active campaigns exploited vulnerabilities and adversary infrastructure.
- Track emerging threat actor techniques malware families and attack trends relevant to the organizations industry.
- Translate intelligence into actionable hunts detections and defensive recommendations.
Engineering Automation & Program Maturity
- Contribute to the development of threat hunting playbooks standard operating procedures and knowledge repository in general.
- Support continuous improvement of the threat hunting program through metrics such as hunt coverage findings quality cyber posture enhancement identification.
- Produce clear concise reports for both technical and nontechnical stakeholders.
Qualifications:
- 3 years of experience in cybersecurity operations with handson experience in threat hunting.
- Strong understanding of adversary behaviors attack chains and common tactics across endpoint network identity and cloud environments.
- Experience working with SIEM/XDR platforms log analysis and security telemetry at scale.
- Familiarity with threat intelligence lifecycle and MITRE ATT&CK framework.
- Strong analytical investigative and documentation skills.
- Ability to work independently in an offshore model and collaborate effectively with global teams across time zones.
Preferred
- Handson experience using Palo Alto Cortex XSIAM for threat hunting detection engineering investigation workflows and alert tuning.
- Experience developing and operationalizing XSIAM analytics queries and investigation playbooks across endpoint identity cloud and network telemetry.
- Strong experience hunting and investigating threats in Microsoft Azure environments including Entra ID (Azure AD) Azure IaaS/PaaS workloads and cloud identity logs.
- Familiarity with Azure security telemetry (SignIn Logs Audit Logs Defender for Cloud/Endpoint Azure Activity Logs).
- Experience correlating cloud endpoint and identity signals to detect credential abuse privilege escalation lateral movement and persistence techniques.
- Scripting and automation experience using Python KQL PowerShell or Bash to support hunting enrichment and reporting.
- Exposure to malware analysis OSINT or threat intelligence platforms (TIPs) to inform hunt hypotheses and detections.
Preferred Certifications:
- GCED GCIA GCIH or GCED
- OSCP GPEN or GWAPT
- Security CySA or equivalent industry certifications
About Company
COVID-19 presents an unprecedented and challenging situation for all of us. At Conduent, our top priority is to protect our associate base and the communities where we live and work, while continuing to serve and help our clients at a time when they need us most. We’d like to thank ev ... View more