Reporting Structure | Reports to Chief Manager - Security Operations • Cyber Security
Designation | Program Lead – Threat hunting |
Education | University degree in the field of computer science or IT is preferable. However, any graduate with relevant experience and technical certifications in the domain can be considered for the vacancy.
Desired Experience/Exposure |
- Minimum 10 years of experience in a technical role in the areas of Security Operations and Cyber Incident Response, with extensive experience performing threat hunting on IT systems, networks and endpoints, and at least 7 years in threat hunting, incident response, or SOC roles.
- Proficiency in SIEM platforms (Splunk, Sentinel, QRadar, etc.) and XDR and EDR tools (CrowdStrike, Carbon Black, etc.).
- Experience with scripting (Python, PowerShell, etc.) and automating threat detection or hunting tasks.
- Strong understanding of Windows, Linux, and network protocols.
- Familiarity with threat intelligence sources and frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain).
- Ability to proactively find cybersecurity threats and mitigate them.
- Knowledge of Advanced Persistent Threats and threat actors and their TTPs; ability to recognize attack patterns and correlate them with specific threat actors.
- Ability to obtain as much information as possible on threat behaviour, goals and methods.
- Knowledge of analytics platforms for carrying out detailed analysis of obtained telemetry.
Industry | Financial Domain (Banking / NBFC experience is desirable) |
Responsibilities |
- Use the various available security controls and the telemetry data within them to conduct proactive threat hunts using a hypothesis-based approach.
- Coordinate with various stakeholders to obtain the data as required.
- Conduct proactive threat hunting across systems, networks, and endpoints using a variety of tools and data sources.
- Analyse large datasets (logs, packet captures, alerts) to identify anomalies, malicious activity, and Indicators of Compromise (IOCs).
- Develop and test hunting hypotheses based on threat intelligence, adversary emulation, and red team activities.
- Collaborate with SOC analysts, incident responders, and threat intelligence teams to improve detection rules and response strategies.
- Create custom detection logic and fine-tune SIEM/EDR alerts.
- Provide detailed reports and briefings to stakeholders about findings and mitigation strategies.
- Continuously improve hunting methodologies, automation, and use of threat hunting frameworks (e.g., MITRE ATT&CK).
- Stay current on emerging threats, vulnerabilities, and cyber-attack techniques.
- Identify risks and threats based on the threat hunts undertaken.
- Communicate findings to Senior Management and other stakeholders and drive the necessary actions.
- Work with Security Operations to take the identified anomalies to a conclusion.
- Prepare monthly reports on threat hunts and be able to demonstrate the ROI of the overall threat hunting program.
Certifications |
- Security certifications such as GCFA, GCTI, GCIA, OSCP, CEH, or similar.
- Experience using threat hunting platforms or custom-built hunting environments.