Threat Hunter-L3

Key Responsibilities Proactively hunt for threats across endpoints, network, cloud, and SIEM data sources. Develop and test threat hypotheses using cyber threat intel (CTI), ATT&CK framework, and past incident data. Analyze logs, events, and telemetry from SIEM, EDR, NDR, and cloud security tools. Identify patterns, anomalies, and Indicators of Attack (IOA) / Indicators of Compromise (IOC). Create threat detection use cases, rules, and dashboards in SIEM/EDR platforms. Work closely with SOC teams to improve detection coverage and reduce false positives. Conduct root-cause analysis of suspicious activity and recommend long-term fixes. Build, document, and maintain threat hunting playbooks. Stay updated with emerging threats, APT groups, TTPs, and security trends. Collaborate with Incident Response, Red Team, and Vulnerability Management teams. Required Skills & Qualifications Strong understanding of cybersecurity fundamentals, threat types, and attack techniques. Hands-on experience with SIEM tools (Splunk / QRadar / Sentinel / Chronicle / Elastic). Experience with EDR platforms (CrowdStrike, Defender, Carbon Black, SentinelOne). Good knowledge of MITRE ATT&CK, Cyber Kill Chain, and threat modeling. Ability to analyze large datasets and identify suspicious behavior. Experience creating custom detections, correlation rules, and use cases. Strong skills in log analysis (Windows, Linux, network devices, cloud logs, etc.). Scripting knowledge (Python / PowerShell) is preferred. Experience with threat intelligence platforms is an added advantage. Preferred Qualifications Relevant certifications: GCIA, GCIH, GCFA, GCTI Threat Hunting-focused certs (e.g., SANS SEC555) Experience in SOC L2/L3, DFIR, or Red Teaming roles. Knowledge of cloud security (AWS, Azure, GCP). Soft Skills Strong analytica