The Cyber Threat Intelligence Hunter will sit within Unit 42 Managed Threat Hunting and support proactive, intelligence-led hunting across customer environments. This role combines hands-on threat hunting with cyber threat intelligence analysis, helping multinational organizations stay one step ahead of adversaries and cyber threats.
Key Responsibilities
Analyze public and private threat intelligence, Unit 42 research, adversary campaigns, malware activity, infrastructure, indicators, and TTPs.
Translate threat intelligence into actionable hunting hypotheses, investigation workflows, hunting queries, and customer-facing findings.
Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting.
Investigate scheduled hunt detections and compose clear, professional reports when relevant.
Investigate hunting leads based on IOCs, threat intelligence, internal detections, customer telemetry, and emerging adversary behaviors.
Monitor the threat landscape and prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation and hunting.
Collaborate with threat hunters, detection engineers, incident responders, MDR, and Unit 42 researchers to operationalize intelligence quickly and effectively.
Escalate major, unclear, or high-impact security events to the Threat Hunting leadership team when necessary.
Provide ongoing feedback on findings, hunting reports, queries, intelligence workflows, and operational processes to support continuous improvement.
Key Responsibilities
Analyze public and private threat intelligence, Unit 42 research, adversary campaigns, malware activity, infrastructure, indicators, and TTPs.
Translate threat intelligence into actionable hunting hypotheses, investigation workflows, hunting queries, and customer-facing findings.
Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting.
Investigate scheduled hunt detections and compose clear, professional reports when relevant.
Investigate hunting leads based on IOCs, threat intelligence, internal detections, customer telemetry, and emerging adversary behaviors.
Monitor the threat landscape and prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation and hunting.
Collaborate with threat hunters, detection engineers, incident responders, MDR, and Unit 42 researchers to operationalize intelligence quickly and effectively.
Escalate major, unclear, or high-impact security events to the Threat Hunting leadership team when necessary.
Provide ongoing feedback on findings, hunting reports, queries, intelligence workflows, and operational processes to support continuous improvement.
Requirements:
4+ years of experience in tactical threat hunting, cyber threat intelligence (CTI), DFIR, or advanced security operations.
Strong background in tactical threat intelligence, specifically identifying the discrete traces, artifacts, and behavioral fingerprints left by adversaries across diverse telemetry sources (endpoint, network, cloud, and identity).
Experience capturing and modelling incident data to map out intrusions and understand attacker behaviours.
Proven ability to develop & deliver verbal & written technical findings of attacker behaviour into clear, high-impact notifications for customers.
Experience translating threat intelligence into high-fidelity hunting hypotheses, detection logic, and log-based queries.
Preferred Qualifications
Experience in an Incident Response or Managed Services environment
Proficiency in Python and SQL
Familiarity with malware analysis
Published security blogs or research that shows a deep understanding of a particular threat.
4+ years of experience in tactical threat hunting, cyber threat intelligence (CTI), DFIR, or advanced security operations.
Strong background in tactical threat intelligence, specifically identifying the discrete traces, artifacts, and behavioral fingerprints left by adversaries across diverse telemetry sources (endpoint, network, cloud, and identity).
Experience capturing and modelling incident data to map out intrusions and understand attacker behaviours.
Proven ability to develop & deliver verbal & written technical findings of attacker behaviour into clear, high-impact notifications for customers.
Experience translating threat intelligence into high-fidelity hunting hypotheses, detection logic, and log-based queries.
Preferred Qualifications
Experience in an Incident Response or Managed Services environment
Proficiency in Python and SQL
Familiarity with malware analysis
Published security blogs or research that shows a deep understanding of a particular threat.
This position is open to all candidates.
