Lead Threat Hunter Role
The team's objective is to identify and disrupt cyber threats that evade standard security measures. As a Lead Threat Hunter, you will lead the threat hunting team in actively discovering and disrupting adversarial operations.
The Cyber Threat Hunting team consists of skilled professionals with expertise in DFIR, data analytics, and dissecting cyber threat actor behaviour. Our mission is to contribute to the Group's cyber resiliency by operationalising gathered intelligence.
* We strive for excellence through the optimised use of people, process, and technology.
* Responsibility and leadership drive high-quality outcomes across all levels of the team.
Key Responsibilities:
1. Coordinate the threat hunt team's workload to maintain a prioritised backlog of hypotheses aligned to threat intelligence.
2. Oversee the findings management process to ensure timely dissemination of intelligence and tracking of remediation progress.
3. Generate and execute hypothesis-based hunts contributing to the team's operational targets.
4. Collaborate with internal teams to align hunt processes with broader detection and response strategies.
5. Enhance platforms, automate tasks, and embed AI into threat hunt processes to increase productivity.
6. Mentor and support the development of the threat hunt team, fostering a culture of continuous learning.
7. Stay updated on emerging threats, APT groups, and attack vectors.
Essential Skills and Qualifications:
* Proven experience leading a Threat Hunt team, or in similar roles in Incident Response, SOC, or other defensive/offensive disciplines.
* Expert knowledge and hands-on experience investigating real-world cyber-attacks in various environments.
* Exposure to offensive security principles and hacking techniques.
* Understanding of artificial intelligence and automation in threat hunting.
* Familiarity with frameworks like PEAK, MITRE ATT&CK, and MITRE ATLAS.
* Practical experience with YARA, SIGMA, and SNORT rules.
* Understanding of the threat intelligence cycle and OSINT techniques.
Technical Proficiencies:
* Adversary tactics and techniques (MITRE ATT&CK)
* Threat hunting methodologies (PEAK)
* Security tools and monitoring (SIEM, EDR, IDS)
* Detection engineering and scripting
* Incident response and forensics
* Infrastructure, network, OS, and cloud expertise
Desirable skills include coding experience using Python, familiarity with AI architecture, and Jupyter Notebook proficiency for data modelling and visualisation.