Conduct proactive threat hunting across cloud and on-premises enterprise environments to identify malicious activity, anomalies, and emerging threats.
Perform in-depth investigations using SIEM technologies, leveraging strong query and analysis skills to detect adversary behaviors and indicators of compromise.
Analyze authentication flows, access patterns, and system telemetry to uncover potential compromise or advanced attacker techniques.
Utilize cyber threat intelligence, the MITRE ATT&CK framework, and emerging threat research to inform hunting strategies and detection engineering.
Investigate and respond to high-impact security incidents, collaborating closely with CSIRT and cross-functional teams to contain and remediate threats.
Partner with SIEM administrators, vendors, and offensive cybersecurity teams to enhance threat visibility and detection capabilities.
Develop and maintain detection logic, contributing to the full detection development lifecycle and identifying opportunities for detection improvements.
Document findings, investigations, and procedures with strong writing, communication, and operational discipline.
Support continuous improvement efforts, including planning, operational procedure refinement, and readiness activities within the CSIRT.
Provide after-hours support as part of a rotating on-call schedule, including responding to high-priority alerts and security incidents.
Requirements
Extensive experience operating in a large-scale, global enterprise cybersecurity environment with complex, distributed infrastructure.
Advanced threat hunting experience across hybrid environments, including cloud and on-premises ecosystems, with a strong command of threat hunting methodologies, cyber threat intelligence, and practical application of the MITRE ATT&CK framework to drive hypothesis-based hunts.
Expert-level understanding of incident response operations, including leading investigations, containment and remediation efforts, root cause analysis, and post-incident improvements.
Significant experience with enterprise-grade SIEM platforms, including authoring complex queries, tuning detections at scale, and analyzing high-volume, diverse telemetry sources.
Demonstrated experience developing, validating, tuning, and maintaining detections derived from threat hunting findings and real-world adversary activity.
Experience mentoring or guiding other analysts or hunters, contributing to the maturity and effectiveness of the overall threat detection and response program.
Tech Stack
Cloud
Cyber Security
Benefits
Medical, dental, and vision benefits*
Paid time off plan (Vacation, Holidays, Volunteer, etc.)*