Threat Hunter - SOC

Threat Hunter – SOC

Role Overview
A Threat Hunter in the SOC proactively searches for advanced threats, suspicious activities, and hidden attack patterns that may bypass traditional security controls. The role focuses on identifying, analyzing, and mitigating potential cyber threats before they cause damage.

Key Responsibilities
Proactively hunt for threats across networks, endpoints, servers, and cloud environments
Analyze logs, alerts, and telemetry from SIEM, EDR, NDR, and other security tools
Identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs)
Conduct hypothesis-driven threat hunting and behavioral analysis
Investigate advanced persistent threats (APTs), insider threats, and zero-day attacks
Collaborate with SOC Analysts, Incident Response, and Blue Team for remediation
Develop and improve detection rules, use cases, and playbooks
Document findings and provide threat intelligence reports
Stay updated with emerging threats, attacker TTPs, and MITRE ATT&CK techniques
Required Skills
Strong understanding of networking, operating systems (Windows/Linux), and security concepts
Hands-on experience with SIEM tools (Splunk, QRadar, Sentinel, etc.)

Experience with EDR/XDR solutions (Crowd Strike, Defender, Carbon Black, etc.)
Knowledge of MITRE ATT&CK framework
Log analysis and threat intelligence correlation
Scripting skills (Python, Power Shell, Bash – preferred)
Incident response and malware analysis basics

Preferred Qualifications
2–6 years of experience in SOC, Blue Team, or Threat Hunting
Certifications such as GCED, GCIA, GCIH, CEH, or similar

Experience with cloud security (AWS, Azure, GCP)
Familiarity with SOAR tools and automation