Can you imagine taking part in the transformation of leading national and international organizations? At Deloitte, we are committed to making an impact on society, our clients, and our people.
We're looking for a senior cybersecurity professional to join our Threat Hunting team. This team brings together experts in Threat Intelligence, Threat Research, Digital Forensics, Incident Response, Red Team operations and Bug Bounty to perform proactive anomaly detection exercises.
This is not a monitoring role — you will be finding threats that no alert has fired for yet.
Location: Madrid
What will your day-to-day look like?
* Hunt proactively (hypothesis-based, behaviour-based and TTP-based hunting) — assume compromise, prove or disprove it.
* Think from the attacker's perspective — build hypotheses from adversary behaviour, not detection rules.
* Convert hunt findings into permanent detection use cases handed over to the SOC.
* Act as the bridge between CTI and Incident Response — from raw intel to operational threat hunting.
* Confidently document and deliver a clean finding — proving a threat is NOT present is also a result.
* Investigate advanced threats and assess potential risks affecting international clients across multiple sectors.
* Track trending threat actors and collaborate with other teams to develop tailored threat models.
* Design and run proofs of concept in lab environments to enhance our detection capabilities and collective knowledge.
* Produce actionable intelligence based on ongoing investigations and monitoring activities.
* Analyze advanced attacker behaviors using industry-leading security platforms such as Microsoft Defender XDR, CrowdStrike Falcon XDR, Cortex XSIAM, and Google SecOps, among others.
* Support cross-team incident response efforts to ensure timely and effective containment and remediation.
What we expect from you:
* Minimum three years of experience in cybersecurity.
* Strong English communication skills.
* Hands-on experience with security platforms such as XDR and next-generation SIEM solutions.
* Familiarity with frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
* Practical knowledge of offensive techniques across Windows, Linux, and cloud environments.
* Knowledge of advanced threat lifecycles and infection chains.
* Programming skills in languages such as Python, PowerShell, Go, or Rust.
* Flexibility to travel.
What is it like to work at Deloitte?
* High-impact projects offering long-term growth and continuous learning opportunities.
* Hybrid and flexible working model, with flexible hours and a healthy balance between remote work and collaboration in our offices or at client sites.
* A positive and collaborative work environment, with team-building activities, cultural and sports events throughout the year.
* Holistic wellbeing, supported by our physical, mental, and financial health programs, including on-site medical services.
* Social impact, with access to a wide range of national and international volunteering initiatives and pro bono projects where you can contribute your time and talent.
* A strong feedback culture and continuous learning, within an inclusive environment that promotes equal opportunities and personalized development plans. You may even see yourself at Deloitte University in Paris.
* Exclusive benefits, including a comprehensive benefits portfolio and a flexible compensation plan.
Next steps: If what you have read resonates with you, here is what comes next:
* Apply to the position
* If your experience matches the role, our Talent team will contact you to get to know you better.
Start your journey with Deloitte. We will guide you through each stage of the process until your onboarding.