Threat Hunter Analyst

About the Role

Threat Hunter Analyst

Key Responsibilities

• Leads the investigation of security incidents escalated by the Tier-1 and Tier-2 analysts.
• Conduct hypothesis-driven and data-driven hunts across endpoints, networks, cloud, and applications.
• Use threat intelligence, behavioral analytics, and anomaly detection to identify stealthy adversaries.
• Apply the MITRE ATT&CK framework to map and track adversary techniques.
• Analyze logs, packet captures, endpoint data, and memory dumps to identify suspicious patterns.
• Correlate hunting findings with SIEM/SOAR alerts and enrich incident investigations.
• Conduct root cause analysis and provide actionable recommendations.
• Leverage internal and external threat intelligence feeds to guide hunting activities.
• Identify emerging threats and adapt detection strategies accordingly.
• Share insights with SOC engineers to improve detection rules and use cases.
• Work closely with SOC analysts, incident responders, and security engineers.
• Document hunting methodologies, findings, and lessons learned.
• Conduct knowledge transfer sessions and mentor SOC staff on advanced detection techniques.
• Develop new detection rules, playbooks, and queries for SIEM, EDR, and NDR platforms.
• Recommend automation opportunities to reduce manual effort.

Required Skills & Qualifications

• • Bachelor’s degree in Cybersecurity, Computer Science, or related field.
  • 4–6 years of experience in security operations, with at least 2+ years in threat hunting or advanced detection.
  • Strong knowledge of Windows, Linux, and cloud environments (AWS/Azure/GCP).
  • Expertise in SIEM (Splunk, QRadar, Elastic, etc.), EDR (CrowdStrike, SentinelOne, Carbon Black), and packet analysis tools (Wireshark, Zeek).
  • Familiarity with MITRE ATT&CK, cyber kill chain, and TTP-based analysis.
  • Scripting skills (Python, PowerShell, Bash) for custom hunting queries and automation.
  • Certifications preferred: GCTI, GCFA, GCIH, CHFI, CEH, or equivalent.