About Gruve
Gruve is an innovative software services startup dedicated to transforming enterprises into AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to help our customers use their data to make more intelligent decisions in support of their business strategies. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.
About The Role
Gruve Technologies is looking for an experienced Threat Hunter Analyst to join our cybersecurity team. The ideal candidate will proactively search for advanced threats, identify stealthy adversaries, and lead investigations of complex security incidents. This role requires a combination of deep technical expertise, threat intelligence knowledge, and hands-on experience with SIEM, EDR, NDR, and SOAR platforms. You will collaborate closely with SOC analysts, incident responders, and security engineers to enhance detection capabilities, improve incident response, and strengthen the organization's overall security posture.
Key Responsibilities
- Lead the investigation of security incidents escalated by Tier-1 and Tier-2 analysts.
- Conduct hypothesis-driven and data-driven hunts across endpoints, networks, cloud, and applications.
- Use threat intelligence, behavioral analytics, and anomaly detection to identify stealthy adversaries.
- Apply the MITRE ATT&CK framework to map and track adversary techniques.
- Analyze logs, packet captures, endpoint data, and memory dumps to identify suspicious patterns.
- Correlate hunting findings with SIEM/SOAR alerts and enrich incident investigations.
- Conduct root cause analysis and provide actionable recommendations.
- Leverage internal and external threat intelligence feeds to guide hunting activities.
- Identify emerging threats and adapt detection strategies accordingly.
- Share insights with SOC engineers to improve detection rules and use cases.
- Work closely with SOC analysts, incident responders, and security engineers.
- Document hunting methodologies, findings, and lessons learned.
- Conduct knowledge transfer sessions and mentor SOC staff on advanced detection techniques.
- Develop new detection rules, playbooks, and queries for SIEM, EDR, and NDR platforms.
- Recommend automation opportunities to reduce manual effort.
Required Skills & Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, or related field.
- 4–6 years of experience in security operations, including at least 2 years in threat hunting or advanced detection.
- Strong knowledge of Windows, Linux, and cloud environments (AWS/Azure/GCP).
- Expertise in SIEM (Splunk, QRadar, Elastic, etc.), EDR (CrowdStrike, SentinelOne, Carbon Black), and packet analysis tools (Wireshark, Zeek).
- Familiarity with MITRE ATT&CK, cyber kill chain, and TTP-based analysis.
- Scripting skills (Python, PowerShell, Bash) for custom hunting queries and automation.
- Certifications preferred: GCTI, GCFA, GCIH, CHFI, CEH, or equivalent.
Why Gruve
At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you.
Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.