Full-Time Threat Hunter

Threat Hunter identifies threat actor tactics, techniques, and procedures (TTPs) by analyzing large data sets and correlating information and behavioral indicators.

Proactive threat identification and analysis: Identifies and analyzes emerging threats, supports security operations and response teams, mentors and shares knowledge, contextualizes threats to business operations.

Daily Activities: Actively hunts for indicators of compromise (IOCs) and advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). Researches new threats, identifies improvement opportunities.

1. Search vast datasets (security event logs, network security logs, endpoint data, cloud security logs) to uncover hidden threats and indicators of compromise (IOCs).
2. Create and refine complex analytical queries for behavioral TTP hunting, informed by threat intelligence.
3. Seek input from team members and subject matter experts to refine hunting data and build context for hunts and alerts.
4. Innovate hunting query development, leveraging all relevant data sources.
5. Create, recommend, and assist with the development of security content resulting from threat hunting.
6. Review data from incident writeups, malware reports, and other technical documentation.
7. Participate in purple team exercises, collaborating with detection and response teams.
8. Write technical threat hunt reports highlighting activities, results, escalations, remediation items, and gaps.

Required Experience and Skills:

• Minimum 3 years of cybersecurity experience in threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
• Expert knowledge of security technologies and data sets (operating system logs, network logs, EDR, cloud environments).
• Tactical, operational, and strategic knowledge of the cyber threat landscape.
• Knowledge of security frameworks (MITRE ATT&CK, Kill Chain, Diamond Model, NIST Incident Response).
• Experience in network and host-based analysis and investigation.
• Experience with Splunk, LogScale, EDR, or other SIEM technologies and query languages.
• Understanding of complex enterprise networks (endpoint, network, email, identity management).
• Deep understanding of network and host-based security concepts (protocols, operating systems, authentication).
• Excellent analytical and problem-solving skills, detail-oriented, strong communication skills.
• Understanding of cloud technologies and security implications.

Additional Details:

• Fully Remote position.
• Eligibility for company-sponsored benefits (medical, dental, vision, 401(k), paid leave, tuition reimbursement).
• External candidates may be required to attend an in-person interview.
• Equal opportunity employer.
• Reasonable accommodations for individuals with disabilities.
• Consideration for applicants with criminal histories (LA County and City residents only).

Salary Range: $130,000 - $160,000

What is the last date for applying to the job?

Which countries are accepted for this remote job?