Principal, Cyber Security Threat Management

Sorry, this job was removed at 11:33 a.m. (CST) on Tuesday, July 19, 2022
  • Plan, scope, lead and participate in threat hunt missions, using threat intelligence, independent research, previously identified suspicious or anomalous activity, previous events/incidents (simulated or real) and brainstorming sessions.
  • Independently research emerging threats and adversary TTPs in preparation for and support of Threat Hunt missions.
  • Convert intelligence into actionable threat hunting hypotheses and suppositions.
  • Develop KQL queries and/or leverage other security tools to hunt for anomalous or malicious behavior within large sets of data.
  • Analyze results of hunts to identify and report on security threats or risks. Provide mitigation, best practices, and technical control recommendations, when possible.
  • Identify, research, and recommend/implement improvements to logging, monitoring and detection capabilities against emerging threats.
  • Assist NTC3 as a member of the IR team during major incidents by providing advanced event and incident analysis and, when needed, forensic analysis.
  • Identify and/or develop opportunities for workflow automation.
  • Create and deliver presentations and trainings to audiences of all levels.
  • Train and mentor junior threat hunters.

Desired Skills

  • Strong attention to detail
  • Self-motivated individual who will take ownership of tasks and projects
  • Familiar with adversary techniques and attack lifecycles
  • Understanding of threat hunting methodologies
  • Ability to be discreet and exercise judgment while performing job duties

Desired Experience

  • Bachelor's degree in a relevant field or comparable work experience
  • Experience defending or responding to simulated or real-world attacks
  • Experience with MITRE ATT&CK Framework
  • 5+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
  • Technical Security certifications (e.g., OSCP, SANS GIAC, CISSP)

Location

50 S. La Salle, Chicago, IL 60603

Learn more about Northern Trust