Cyber Threat Investigator

Threat Hunting & Incident Response (IR) Expert

🕒 Employment Type: Full-time

🏠 Work Model: Hybrid – 1 day from home

🔍 What you'll be doing:

• 🕵️‍♀️ Threat Hunting – Identify hidden threats, anomalies, and suspicious activities not caught by existing tools, using advanced techniques and data analysis.
• 🚨 Incident Response (IR) – Manage the full lifecycle of cyber incidents: detection, containment, investigation, root cause analysis, and lessons learned.
• 🌐 Threat Intelligence – Understand attacker TTPs (APT groups, ransomware, etc.) and apply intelligence to strengthen our defenses.
• ⚙️ Capability Development – Build tools, scripts, and playbooks to enhance IR and threat hunting. Improve and optimize SIEM, EDR/XDR, and other security systems.
• 🤝 Cross-Team Collaboration – Work closely with security, IT, dev, and infrastructure teams to strengthen security posture across the board.
• 📝 Documentation & Reporting – Create detailed reports and incident documentation, share insights with relevant stakeholders.

✅ What we're looking for:

• 🎯 Proven experience in Threat Hunting and/or Incident Response (Blue/Red/Purple Team).
• 💻 Strong hands-on experience with SIEM / SOAR / EDR / XDR tools (e.g., Splunk, Microsoft Sentinel, Elastic SIEM, CrowdStrike, SentinelOne, Palo Alto XDR).
• 🧠 Deep understanding of operating systems (Windows, Linux, macOS) and communication protocols (TCP/IP, HTTP/S, DNS).
• 🔍 Skilled in investigating and analyzing cyber threats and attacker methodologies (TTPs), with knowledge of frameworks like MITRE ATT&CK.
• 📊 Experience working with diverse log sources (Endpoint, Network, Cloud, Identity).
• 🧑‍💻 Scripting and automation skills (Python, PowerShell) – a big plus.
• 📜 Relevant cybersecurity certifications (e.g., GCFE, GCFA, GCIH) – an advantage.
• 🧩 Strong analytical thinking, curiosity, teamwork, and the ability to work independently.
• 💬 High-level English – spoken, written, and reading comprehension.