DFI/Threat Hunter Lead

Level

• Lead the development of threat hunting hypotheses using threat intelligence, MITRE ATT&CK, and kill chain models
• Guide the team in conducting hunts across SIEM, EDR/XDR, and network telemetry to uncover hidden threats
• Validate and refine threat intelligence to ensure it is actionable and relevant
• Translate hunting outcomes into detection logic and use cases for SIEM and SOAR platforms
• Collaborate with content developers to build and tune correlation rules and analytics
• Identify gaps in visibility and recommend improvements to logging and telemetry coverage
• Escalate confirmed findings to L3 incident response teams with detailed evidence and RCA
• Recommend preventive and detective countermeasures (eg, policy changes, new rules)
• Support RCA documentation and post-incident reviews
• Perform forensic acquisition and analysis of endpoints, servers, and cloud workloads involved in security incidents
• Extract and preserve digital evidence in accordance with legal and compliance standards
• Conduct timeline analysis, memory forensics, and disk image reviews to reconstruct attacker activity
• Deliver weekly/monthly reports on threat hunting activities, findings, and trends
• Participate in governance forums and contribute to executive dashboards
• Ensure alignment with SLA/KPI metrics and compliance requirements
• Mentor junior threat hunters and analysts on hypothesis building, investigation techniques, and tool usage
• Conduct knowledge-sharing sessions and contribute to skills development plans
• Coordinate with CTI, SOC, and engineering teams to align hunting with broader security goals

Tool / Technology