Job Description & How to Apply Below
As a Senior Threat Hunter & Incident Responder, you will play a critical role in safeguarding our organization from advanced cyber threats. This position demands a proactive approach to identifying hidden attack patterns and suspicious activities that bypass traditional security controls, combined with the expertise to lead and execute comprehensive incident response investigations. You will be responsible both for hunting down sophisticated threats before they cause damage and for managing security incidents from identification through recovery, ensuring a robust and resilient security posture.
Key Responsibilities
Proactively hunt for advanced threats, suspicious activities, and hidden attack patterns across networks, endpoints, servers, and cloud environments.
Lead and support incident response investigations, including identification, containment, eradication, and recovery efforts.
Perform digital forensic analysis on endpoints, servers, network devices, and cloud environments to determine attack vectors and scope of compromise.
Analyze logs, alerts, and telemetry from SIEM, EDR, NDR, and other security tools to identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
Conduct hypothesis-driven threat hunting, behavioral analysis, and malware analysis to determine behavior and impact.
Investigate advanced persistent threats (APTs), insider threats, and zero-day attacks.
Develop and enhance incident response playbooks, forensic procedures, detection rules, and use cases.
Collaborate closely with SOC Analysts, Incident Response teams, Blue Team, IT, and other stakeholders for remediation and security posture strengthening.
Provide recommendations to strengthen security posture and prevent recurrence of security incidents.
Document findings, prepare detailed investigation reports, and provide threat intelligence reports.
Stay updated with emerging threats, attacker Tactics, Techniques, and Procedures (TTPs), and the MITRE ATT&CK framework.
Required Skills
Strong understanding of networking, operating systems (Windows/Linux), and core security concepts.
Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR/XDR solutions (e.g., CrowdStrike, Defender, Carbon Black).
Proficiency in log analysis and threat intelligence correlation.
Demonstrated experience in leading incident response investigations and digital forensics.
Knowledge of the MITRE ATT&CK framework and its application in threat hunting and incident response.
Scripting skills (Python, PowerShell, Bash) are highly preferred.
Excellent analytical, problem-solving, and communication skills.
Minimum Requirements
Bachelor’s degree in Computer Science, Information Security, or a related field.
3 - 5 years of experience in Computer and Network Security, with a focus on Threat Hunting, Forensics & Incident Response.
Ability to commute to the job's location.
Relevant certifications such as GCED, GCIA, GCIH, CEH, or similar preferred.
Experience with cloud security platforms (AWS, Azure, GCP).
Position Requirements
10+ years of work experience