Job Description
Position Overview The Cyber Threat Hunter proactively protects enterprise environments from advanced cyber threats by analyzing network, endpoint, and log data to identify malicious activity that may evade conventional security controls. This role establishes normal traffic and data-flow baselines, detects anomalies, develops threat hypotheses, and investigates adversary tactics, techniques, and procedures to strengthen cyber defense and incident response operations. This role directly supports a proactive SOC model by contributing to detection engineering, monitoring enhancements, automation development and continuous gap analysis to identify and mitigate emerging threats before they materialize. Key Responsibilities Conduct proactive threat hunting across networks, endpoints, and security datasets to identify, isolate, and help eradicate advanced threats before they impact operations. Analyze logs from multiple sources, including packet captures, correlation engines, parsed security data, and endpoint telemetry, to detect suspicious behavior and validate threat activity. Establish and maintain baseline patterns for normal traffic, system activity, and data flows to improve anomaly detection and investigative accuracy. Collaborate closely with SOC analysts and detection engineers to recommend new alerts, analytics, and monitoring logic based on threat hunting findings, emerging trends, and identified visibility gaps. Develop automation scripts and workflows (using SOAR platforms, Python, PowerShell, or similar tools) to streamline threat hunting activities, automate repetitive analytical tasks, and reduce detection and response time. Research and track adversary tactics, techniques, and procedures (TTPs), developing technical hypotheses and investigative leads based on threat intelligence and observed behavior