Cyber Threat Investigator

About ColorTokens At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield™ platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected. Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions. Join us in transforming cybersecurity. Learn more at www.colortokens.com. Our culture We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously. Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world’s impactful organizations - be it a children’s hospital, or a city, or the defense department of an entire country. Job Summary: The Senior Threat Hunter will be responsible for proactively identifying and mitigating advanced threats across enterprise environments. The role involves leveraging behavioural analytics, threat intelligence, and hypothesis-driven hunting to detect stealthy adversaries that evade traditional security controls. Job Title:Senior Threat Hunter Location:Bangalore (on site) Experience Level:5 to 6 years Key Responsibilities: Conduct proactive threat hunting across endpoints, network, cloud, and identity systems using telemetry and behavioral indicators. Develop hunting hypotheses based on current threat landscape, TTPs (MITRE ATT&CK), and internal observations. Perform deep-dive investigations into anomalies and suspicious activity detected by SIEM, EDR, NDR, or XDR platforms. Collaborate with incident response, SOC analysts, and threat intelligence teams to validate and escalate findings. Create and tune detection rules (e.g., in SIEM/XDR) to improve coverage and reduce false positives. Maintain and evolve hunting playbooks and analytical methodologies. Utilize threat intelligence to identify new indicators of compromise (IOCs) and behavioral patterns. Lead post-hunt reviews, documenting findings, root cause, and recommendations. Provide mentorship and training to junior analysts and hunters. Participate in purple team exercises and collaborate with red teams to validate defenses. Required Skills & Experience: 5–6 years of hands-on experience in threat hunting, incident response, or advanced SOC analysis. Strong knowledge of Windows, Linux, and Active Directory internals. Expertise in one or more SIEM/XDR tools (e.g., Stellar Cyber). Proficiency in analyzing network traffic, endpoint logs, and cloud telemetry. Understanding of MITRE ATT&CK, Cyber Kill Chain, and Diamond Model frameworks. Scripting skills in Python, PowerShell, or Bash for automation and data analysis. Experience with threat intelligence feeds, IOC management, and correlation. Strong analytical, problem-solving, and communication skills. Why Join Us? Work on a cutting-edge cybersecurity product in a fast-paced startup environment. Collaborate with a world-class team of engineers and security experts. Opportunity to learn, grow, and make a real impact from day one