Published 17 June

Job mission

Experteer Overview

In this role you will lead hypothesis-driven threat hunts to uncover advanced, stealthy threats across enterprise environments. You collaborate with Incident Response and Detection Engineering to close detection gaps and improve SOC maturity, using Microsoft Sentinel, Defender suites, and IoT telemetry. You analyze adversary behavior, map findings to MITRE ATT&CK, and deliver formal threat hunt reports to drive remediation. This position offers the chance to shape threat visibility in a global delivery environment and work with cross-functional teams to reduce risk.

Responsibilities

- Conduct hypothesis-driven, TTP-centric threat hunts using telemetry from Microsoft Sentinel and Defender platforms
- Develop hunt hypotheses based on adversary campaigns, MITRE ATT&CK techniques, threat intelligence, and observed weaknesses
- Identify detection blind spots and data quality issues to improve analytics
- Perform advanced KQL-based threat hunting across large data volumes in Microsoft Sentinel
- Execute advanced endpoint hunting via Defender Advanced Hunting and correlate endpoint telemetry with SIEM data
- Perform threat hunting across IoT/OT and ICS with Defender for IoT telemetry where applicable
- Produce formal threat hunt reports detailing hunt hypothesis, data sources, findings, MITRE ATT&CK mapping, and remediation recommendations
- Support L1/L2 analysts and partner with Incident Response and Detection Engineering to raise threat visibility and SOC maturity

Main requirements

- 4-7+ years in SOC, Threat Hunting, Incident Response, or Detection Engineering
- Proven experience in proactive threat hunting (not just tool monitoring)
- Experience in enterprise-scale SIEM and EDR environments
- Advanced expertise in MS Sentinel and Defender suites
- Strong mastery of KQL (Kusto Query Language)
- Deep understanding of MITRE ATT&CK, adversary tradecraft, malware, and post-exploitation techniques
- Strong endpoint telemetry analysis, network traffic analysis, and log correlation across security layers
- Excellent written and verbal communication
- Curiosity-driven, attacker-mindset analysis
- Ability to work independently on ambiguous, high-impact threats

Compensation / Benefits

- Hybrid work model
- Career development and tailored training
- Well-being programs including psychological support
- Volunteering opportunities
- Recognition programs
- Flexible working arrangements