A dedicated and detail-oriented Threat Hunting Analyst with over 18 months of experience in cybersecurity operations, specializing in proactively looking for signs of attackers inside an organization’s environment—before alerts, incidents, or damage occur. Unlike traditional security roles that react to alarms, threat hunters assume compromise and actively search for hidden or stealthy threats.
A Threat Hunting Analyst must focus on searching for malicious behaviour that automated tools may miss, using human intuition, context, and hypotheses rather than waiting for alerts, in order to find advanced, persistent, and stealthy attackers.
Key responsibilities:
- Proactively conduct threat hunts to identify malicious activity that bypassed automated detections, reducing attacker dwell time.
- Develop hypothesis-driven hunts based on adversary tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK framework.
- Analyse endpoint, network, authentication, and log telemetry to detect indicators of compromise (IOCs) and anomalous behaviour.
- Investigate suspicious activity involving credential misuse, lateral movement, persistence mechanisms, and living-off-the-land techniques.
- Correlate data across SIEM, EDR/XDR, and network security tools to validate potential threats and scope impact.
- Leverage threat intelligence reports and internal telemetry to identify emerging attacker behaviours relevant to the environment.
- Escalate confirmed malicious activity to incident response teams with detailed findings, timelines, and supporting evidence.
- Support incident investigations by providing root cause analysis and attacker activity reconstruction.
Your Profile:
- SIEM / EDR query usage
- Windows, Linux, and macOS internals
- Networking fundamentals
- Malware behaviour basics
- Scripting and automation
- Log analysis and query writing Analytical Skills
- Pattern recognition
- Hypothesis-driven investigation