Manager (IC) - Threat Hunting

Reporting Structure

Reports to Chief Manager - Security Operations Cyber Security

Designation

Program Lead Threat hunting

Education:

University degree in the field of computer science Or IT is preferable. However, any graduate with relevant experience and technical certifications in the domain can be considered for the Vacancy.

Desired Experience/Exposure

• Minimum 10 years of experience in a technical role in the areas of Security Operations, Cyber Incident Response with extensive experience performing Threat hunting on IT Systems, Network and Endpoints. With at least 7 years in threat hunting, incident response, or SOC roles.
• Proficiency in SIEM platforms (Splunk, Sentinel, QRadar, etc.) XDR and EDR tools (CrowdStrike, Carbon Black, etc.).
• Experience with scripting (Python, PowerShell, etc.) and automating threat detection or hunting tasks.
• Strong understanding of Windows, Linux, and network protocols.
• Familiarity with threat intelligence sources and frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain).
• Ability to proactively find cybersecurity threats and mitigate them.
• Knowledge about Advanced persistent threats and treat actors, their TTPs. Ability to recognize attack patterns and corelate them with specific threat actors.
• Ability to obtain as much information on threat behaviour, goals and methods as possible.
• Knowledge of Analytics platforms for carrying out detailed analytics of obtained telemetry.

Industry

Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

Use Various available Security controls and the telemetry data within to conduct proactive threat hunts using a hypothesis-based approach.

• Coordinate with various stakeholders to obtain the data as required.
• Conduct proactive threat hunting across systems, networks, and endpoints using a variety of tools and data sources.
• Analyse large datasets (logs, packet captures, alerts) to identify anomalies, malicious activity, and Indicators of Compromise (IOCs).
• Develop and test hunting hypotheses based on threat intelligence, adversary emulation, and red team activities.
• Collaborate with SOC analysts, incident responders, and threat intelligence teams to improve detection rules and response strategies.
• Create custom detection logic and fine-tune SIEM/EDR alerts.
• Provide detailed reports and briefings to stakeholders about findings and mitigation strategies.
• Continuously improve hunting methodologies, automation, and use of threat hunting frameworks (e.g., MITRE ATT&CK).
• Stay current on emerging threats, vulnerabilities, and cyber-attack techniques.
• Identify Risks and Threats based on threat hunts undertaken.

• Communicate with Senior Management and other stakeholders about the findings and to take necessary actions.
• Work with Security Operations to take the identified anomalies to a conclusion.
• Prepare monthly reports on threat hunts and able to showcase ROI of the overall threat hunting program.

Certifications

• Security certifications such as GCFA, GCTI, GCIA, OSCP, CEH, or similar.
• Experience using threat hunting platforms or custom-built hunting environments.