Threat Hunter
Job Summary
Position Overview
We are seeking a highly analytical proactive and technically skilled Threat Hunting Analyst to join our Cyber Security this role the candidate will move beyond reactive alert monitoring to actively track down hidden adversaries advanced persistent threats (APTs) and several other techniques within the enterprise footprint and infrastructure.
The ideal candidate will perform structured hypothesis-driven threat hunting campaigns utilizing our core enterprise security stack specifically in SIEM/ EDR and Threat intelligence. This individual must possess deep tactical knowledge of adversary behaviors exceptional log decoding capabilities and a baseline skill set in detection engineering to convert hunting discoveries into permanent high-fidelity security alerts.
Key Responsibilities
Proactive Threat Hunting: Design formulate and execute structured hypothesis-driven threat hunting campaigns across but not limited to endpoints identity providers network telemetry and cloud environments.
Hypothesis Generation & Scenario Modeling: Develop testable environment-specific hunting hypotheses from scratch by translating threat intelligence briefs and known attacker behaviors into targeted queries focusing on uncovering anomalies rather than relying on static alerts.
Adversary Mapping: Look beyond standard SIEM/XDR alerts to uncover stealthy or zero-day malicious activities mapping all discoveries directly to the MITRE ATT&CK framework to identify visibility gaps.
Advanced Query Engineering: Author tune and optimize custom detection rules and complex threat hunting queries using YARA-L 2.0 and Google SecOps Universal Data Model (UDM) search.
Endpoint Telemetry Deep-Dives: Utilize Query Languages and Advanced Event Search within XDR to decode raw endpoint telemetry and reconstruct host timelines during active investigations.
Threat Intelligence Enrichment: Leverage Threat Intelligence to dynamically enrich host investigations validate malware behavior and pivot from standalone Indicators of Compromise (IOCs/IOAs) into broader attacker infrastructure. Consume and analyze tactical/strategic threat intelligence to understand the latest Tactics Techniques and Procedures (TTPs) of relevant threat actors.
About Company
At Virtusa, we are builders, makers, and doers. Digital engineering is in our DNA. It’s at the heart of everything we do.