Job Title:  T&T | Cyber: D&R | AM | SIEM | Mumbai

Job requisition ID:  101760
Date:  Apr 7, 2026
Location:  Mumbai
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

Role Overview

A Threat Hunter proactively identifies, investigates, and mitigates advanced threats that bypass traditional security controls. This role focuses on hypothesis-driven hunting, deep log analysis, and improving detection capabilities across the SOC.

Key Responsibilities

  • Proactively hunt for threats across endpoints, network, and logs using SIEM/EDR tools
  • Develop and execute threat hunting hypotheses based on threat intelligence and attack patterns
  • Analyze large datasets (logs, alerts, network traffic) to identify anomalies and indicators of compromise (IOCs)
  • Work closely with SOC (L1/L2) and Incident Response teams to validate and escalate findings
  • Create and fine-tune detection rules/use cases in SIEM (e.g., IBM QRadar)
  • Leverage threat intelligence feeds (MITRE ATT&CK mapping, TTPs) to enhance hunting strategies
  • Perform retrospective analysis to identify missed attacks
  • Document hunting findings, attack patterns, and recommendations
  • Automate repetitive hunting tasks using scripts (Python, PowerShell, etc.)

Required Skills & Experience

Experience

  • 3+ years in SOC / Threat Hunting / Incident Response
  • Hands-on experience with SIEM tools (e.g., QRadar, Splunk)
  • Exposure to EDR/XDR platforms

Technical Skills

  • Strong understanding of:
      ◦ Network protocols (TCP/IP, DNS, HTTP/S)
      ◦ Windows/Linux security logs
      ◦ Endpoint behavior and attack techniques
  • Familiarity with:
      ◦ MITRE ATT&CK framework
      ◦ Threat intelligence platforms
      ◦ Log analysis and correlation
  • Basic scripting skills (Python, Bash, PowerShell)