Threat Intelligence Engineer
Job in Navi Mumbai, India
Listed on 2026-06-27
Listing for: ESDS Software Solution Limited
Full Time position
Job specializations: IT/Tech; Cybersecurity, Security Manager
Job Description
Strong understanding of security logs, telemetry, and data analysis.
Hands-on experience with SIEM and EDR platforms.
Solid knowledge of Windows and Linux operating systems.
Working knowledge of networking concepts and protocols.
Practical understanding of MITRE ATT&CK framework.
Ability to analyse and interpret complex security data.
Basic scripting or query writing skills (KQL, SPL, SQL, Python, etc.).
Authority & Decision Scope
Executes threat hunts and investigations within defined scope.
Escalates confirmed threats and recommendations to senior stakeholders.
Operates under established threat hunting strategies and governance.
Responsibilities
Perform proactive threat hunting across endpoint, network, cloud, and identity logs to identify stealthy or undetected threats.
Develop and execute hunt hypotheses based on attacker TTPs, threat intel, and MITRE ATT&CK techniques.
Investigate suspicious activity and correlate events across SIEM, EDR, NDR, firewall, and AD logs.
Convert hunt findings into actionable detection rules, alerts, and analytics use-cases.
Create suggestions to optimize SIEM detection queries / correlation rules to reduce false positives.
Work on medium-to-complex L2 incident investigations, including lateral movement & persistence analysis.
Perform IOC and TTP mapping, enrichment, and validation using internal & external intel sources.
Collaborate with SOC, DFIR, and Threat Intel teams during investigations and incident response.
Support creation of behaviour-based and anomaly detections instead of IOC-only detections.
Contribute to purple-team exercises and validate detections against simulated attacks.
Analyze EDR telemetry and endpoint artifacts to identify malicious behaviour patterns.
Assist in onboarding new log sources and improving telemetry coverage for hunting & detection.
Maintain and update documentation for hunt plans, detection logic, playbooks, and investigation reports, and produce quarterly reports that consolidate and summarize hunting activities, detection logic, playbooks, and investigation outcomes.
Share knowledge with L1/L2 analysts and contribute to building repeatable hunting workflows.
Skills & Experience Required
3-5 years of experience in Threat Hunting / Detection Engineering / SOC / IR.
Strong experience with at least one SIEM (LogRhythm, QRadar, etc.).
Hands-on experience with EDR / XDR platforms (SentinelOne, CrowdStrike, etc.).
Sigma / YARA-style detection patterns.
Solid understanding of:
Windows/Linux internals
Active Directory & authentication logs
Network traffic & protocols (DNS, HTTP, SMB, RDP)
Familiarity with MITRE ATT&CK mapping & threat actor behaviours.
Experience performing IOC / TTP-driven investigations.
Scripting knowledge preferred (Python / PowerShell / Bash).
Strong analytical thinking, documentation, and communication skills.
Certifications / Good to Have, such as:
Experience with SOAR / automation workflows
Exposure to cloud telemetry (Private Cloud)
Participation in purple-team or red-blue simulations
SC-200 / AZ-500
Security+ / Blue Team certs
GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), CompTIA Cybersecurity Analyst (CySA+), GCTI, FOR508 preferred.