we are seeking a Senior Threat Hunting Researcher for Unit 42s Managed Services group, a senior hands-on role combining threat hunting, detection engineering, and incident investigation experience. You will proactively hunt across diverse telemetry to identify suspicious behaviors and emerging threats that evade traditional security. A key part of the role is translating low-fidelity signals into high-fidelity hunting logic and reusable detection opportunities. You will collaborate with multiple teams to share findings, explain coverage, and support response and improvement efforts.
Key Responsibilities
Proactively hunt for suspicious behaviors, malware activity, threat actor tradecraft, and emerging campaign patterns across large-scale customer telemetry.
Build, validate, and tune hunting and detection logic across multiple data sources and security products.
Translate low-fidelity signals, alerts, incidents, and coverage gaps into high-fidelity hunting content and reusable detection opportunities.
Investigate suspicious activity using available telemetry and clearly communicate findings, limitations, and recommended next steps.
Improve detection quality by reducing false positives, increasing signal fidelity, and identifying meaningful coverage gaps.
Collaborate with MDR, Incident Response, Threat Intelligence, Product, and Engineering to improve protection and operational scalability.
Deliver clear, evidence-based reports and technical findings that help customers understand risk and improve defenses.
Key Responsibilities
Proactively hunt for suspicious behaviors, malware activity, threat actor tradecraft, and emerging campaign patterns across large-scale customer telemetry.
Build, validate, and tune hunting and detection logic across multiple data sources and security products.
Translate low-fidelity signals, alerts, incidents, and coverage gaps into high-fidelity hunting content and reusable detection opportunities.
Investigate suspicious activity using available telemetry and clearly communicate findings, limitations, and recommended next steps.
Improve detection quality by reducing false positives, increasing signal fidelity, and identifying meaningful coverage gaps.
Collaborate with MDR, Incident Response, Threat Intelligence, Product, and Engineering to improve protection and operational scalability.
Deliver clear, evidence-based reports and technical findings that help customers understand risk and improve defenses.
Requirements:
6+ years of hands-on cybersecurity experience across threat hunting, incident response, detection development, security research, SOC, or related security operations.
Strong understanding of attacker tradecraft, threat hunting methodologies, incident investigation workflows, and behavior-based detection concepts.
Hands-on experience with XDR, EDR, SIEM, cloud, identity, or similar security platforms, including alert investigation, telemetry analysis, and detection validation.
Proven experience writing complex hunting, detection, or correlation logic using XQL, SQL, KQL, SPL, or similar query languages.
Ability to translate low-fidelity signals, alerts, incidents, threat intelligence, and coverage gaps into high-fidelity hunting logic and reusable detection opportunities.
Experience creating, tuning, or validating hunting and detection content, including scheduled queries, analytics rules, BIOCs, correlation rules, or similar detection logic.
Strong understanding of detection quality concepts, including true-positive and false-positive analysis, signal-to-noise ratio, tuning, coverage gaps, and operational scalability.
Strong analytical, research, documentation, and communication skills, with the ability to clearly explain technical findings, detection assumptions, and coverage limitations.
Self-starter with strong attention to detail, ownership mindset, and ability to work independently in a fast-changing environment.
Preferred Qualifications
Python, SQL, notebooks, automation, or big-data hunting experience.
Experience with data science, statistics, anomaly detection, clustering, scoring, behavioral baselining, or other analytical hunting techniques.
6+ years of hands-on cybersecurity experience across threat hunting, incident response, detection development, security research, SOC, or related security operations.
Strong understanding of attacker tradecraft, threat hunting methodologies, incident investigation workflows, and behavior-based detection concepts.
Hands-on experience with XDR, EDR, SIEM, cloud, identity, or similar security platforms, including alert investigation, telemetry analysis, and detection validation.
Proven experience writing complex hunting, detection, or correlation logic using XQL, SQL, KQL, SPL, or similar query languages.
Ability to translate low-fidelity signals, alerts, incidents, threat intelligence, and coverage gaps into high-fidelity hunting logic and reusable detection opportunities.
Experience creating, tuning, or validating hunting and detection content, including scheduled queries, analytics rules, BIOCs, correlation rules, or similar detection logic.
Strong understanding of detection quality concepts, including true-positive and false-positive analysis, signal-to-noise ratio, tuning, coverage gaps, and operational scalability.
Strong analytical, research, documentation, and communication skills, with the ability to clearly explain technical findings, detection assumptions, and coverage limitations.
Self-starter with strong attention to detail, ownership mindset, and ability to work independently in a fast-changing environment.
Preferred Qualifications
Python, SQL, notebooks, automation, or big-data hunting experience.
Experience with data science, statistics, anomaly detection, clustering, scoring, behavioral baselining, or other analytical hunting techniques.
This position is open to all candidates.


















