L3 Threat Hunter


Job Location: Doha - Qatar

Monthly Salary: Not Disclosed
Posted on: 23 days ago
Vacancies: 1 Vacancy

Job Summary

L3 Threat Hunter – Proactive Breach Detection

We are seeking a highly skilled L3 Threat Hunter to join our client's Cyber Defense team. The ideal candidate will be responsible for proactively identifying advanced threats, conducting hypothesis-driven threat hunting activities, analyzing attacker behavior, and strengthening organizational detection capabilities across enterprise environments.

Key Responsibilities

  • Conduct proactive threat hunting activities across endpoints, networks, cloud, and SIEM platforms to identify hidden or emerging threats.
  • Lead complex investigations involving advanced persistent threats (APTs), insider threats, malware activity, lateral movement, and privilege escalation.
  • Correlate telemetry from multiple security tools, including SIEM, EDR/XDR, IDS/IPS, firewalls, and threat intelligence platforms.
  • Develop and automate threat hunting workflows, detection use cases, and response playbooks using scripting and automation tools.
  • Participate as the primary threat hunter during security incidents and support incident response activities.
  • Perform forensic analysis on systems, endpoints, memory, logs, and network artifacts.
  • Collaborate with SOC, DFIR, Red Team, and Detection Engineering teams to improve detection coverage and reduce dwell time.
  • Analyze attacker TTPs aligned with frameworks such as MITRE ATT&CK and create actionable detections.
  • Conduct threat simulations and validate detection logic against adversary techniques.
  • Produce detailed technical investigation reports, executive summaries, and remediation recommendations.
  • Continuously improve hunting methodologies, detection content, and monitoring strategies.

Required Experience

  • Minimum 5 years of cybersecurity experience with strong hands-on expertise in Threat Hunting.
  • Proven experience leading threat hunting engagements independently.
  • Experience participating in incident response investigations as the primary threat hunter.
  • Strong exposure to enterprise SOC operations and advanced cyber defense environments.

Mandatory Technical Skills

  • Hands-on expertise with:
    • SIEM platforms (such as Splunk, Microsoft Sentinel, QRadar, ArcSight, Elastic)
    • EDR/XDR solutions (such as CrowdStrike, Defender, Carbon Black, SentinelOne)
    • IDS/IPS technologies
    • Threat intelligence platforms
    • Digital forensics and log analysis
  • Strong knowledge of:
    • Threat hunting methodologies
    • Data correlation and anomaly detection
    • Malware analysis fundamentals
    • Windows/Linux attack techniques
    • Network traffic analysis
    • MITRE ATT&CK framework
  • Experience with scripting and automation using Python, PowerShell, Bash, or similar.
  • Exposure to Red Teaming or Penetration Testing activities is highly preferred.

Preferred Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field preferred.
  • Strong analytical, investigative, and reporting skills.
  • Ability to work in high-pressure security operations environments.

Mandatory Certifications / Courses

Candidates should possess one or more of the following:

  • eCTHP
  • eCIR
  • GMON
  • GCFA
  • OSCP
  • TH-200

Key Evidence to Verify During Screening

  • Threat hunting case studies or investigation examples.
  • Evidence of SIEM/EDR implementation and usage.
  • Automation or scripting examples related to detection/hunting.
  • Incident investigation or forensic reports.
  • Ownership of threat hunting activities beyond basic SOC monitoring.