Advanced Threat Hunter and Security Architect

Job Title: Advanced Threat Hunter and Security Architect

Job Description:

The ideal candidate will lead proactive threat hunting initiatives aligned with the Mitre Att&ck framework to identify, investigate, and mitigate advanced threats and adversary behaviors. They will use telemetry from Microsoft Sentinel, CrowdStrike Falcon, MDE, and other tools to detect anomalies and emerging attack patterns.

They will develop and optimize threat hunting queries and playbooks using KQL, Python, and PowerShell, continuously improving detection coverage to reduce dwell time and prevent breaches.

Key Responsibilities:

• Threat Hunting:
• Lead proactive threat hunting initiatives aligned with Mitre Att&ck framework to identify, investigate, and mitigate advanced threats and adversary behaviors.
• Use telemetry from Microsoft Sentinel, CrowdStrike Falcon, MDE, and other tools to detect anomalies and emerging attack patterns.
• Develop and optimize threat hunting queries and playbooks using KQL, Python, and PowerShell.
• Continuously improve detection coverage to reduce dwell time and prevent breaches.
• Incident Response:
• Design, implement, and maintain an effective Incident Response (IR) program and playbooks covering APTs, ransomware, insider threats, and complex multi-stage attacks.
• Lead investigations on high-fidelity security alerts, conduct root cause analysis, containment, eradication, and recovery.
• Utilize CrowdStrike Falcon EDR (including RTR), Microsoft Defender for Endpoint, and Tenable for comprehensive endpoint and vulnerability correlation during incidents.
• Perform network forensics and packet analysis using Fortinet and Palo Alto firewall logs.
• Manage cloud security incidents within Azure (Azure Sentinel, Security Center) and Microsoft 365 environments.
• Coordinate with internal teams and external partners for timely, coordinated response to security incidents.
• SOC Engineering & Program Maturity:
• Build and mature the SOC's SIEM and SOAR architecture, detection engineering, and response automation.
• Develop advanced detection logic, hunting queries, and automation workflows.
• Mentor junior SOC members and act as a technical escalation point.
• Collaborate with managed SOC partners and other security teams to enhance detection and response capabilities.

Required Skills and Qualifications:

• 7+ years of hands-on experience in SOC engineering, with a strong focus on threat hunting and incident response.

Expertise:

• Microsoft Sentinel (SIEM & SOAR) and advanced KQL queries for hunting and IR.
• CrowdStrike Falcon EDR (RTR, IOAs, threat containment).
• Microsoft Defender for Endpoint (MDE) telemetry and IR.
• Tenable vulnerability correlation during investigations.
• Fortinet and Palo Alto firewalls for forensic analysis.
• Microsoft Entra ID (Azure AD), SSO, Conditional Access, MFA security controls.
• Deep operational knowledge of Mitre Att&ck for threat hunting, detection tuning, and adversary simulation.
• Proven ability to analyze and respond to APTs, malware persistence, lateral movement, privilege escalation, command & control, and data exfiltration incidents.
• Strong scripting skills (KQL, Python, PowerShell) for threat hunting automation and incident response workflows.
• Experience with SOAR platforms integration and automation (Microsoft Sentinel SOAR, Palo Alto XSOAR).
• Excellent communication, collaboration, and mentoring abilities.
• Must be able to work U.S. business hours (PST timezone).

Preferred Certifications:

• GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, or equivalent.
• Mitre Att&ck Defender (MAD), OSCP, or Red Team certifications are a strong plus.

Benefits:

• Comprehensive benefits package.

• Opportunities for professional growth and development.

• Collaborative and dynamic work environment.

• Recognition and rewards for outstanding performance.

How to Apply:

Submit your resume and cover letter to apply for this exciting opportunity.

• Include your relevant work experience and skills.

• Highlight your achievements and qualifications.

• Show enthusiasm and passion for security and threat hunting.

Disclaimer:

The information provided is accurate at the time of posting. However, we reserve the right to modify or change the terms and conditions of the job without notice.