Threat Hunter - SOC

Threat Hunter – SOC

Role Overview

A Threat Hunter in the SOC proactively searches for advanced threats, suspicious activities, and hidden attack patterns that may bypass traditional security controls. The role focuses on identifying, analyzing, and mitigating potential cyber threats before they cause damage.

Key Responsibilities

• Proactively hunt for threats across networks, endpoints, servers, and cloud environments
• Analyze logs, alerts, and telemetry from SIEM, EDR, NDR, and other security tools
• Identify Indicators of Compromise (IOCs) and Indicators of Attack (IOAs)
• Conduct hypothesis-driven threat hunting and behavioral analysis
• Investigate advanced persistent threats (APTs), insider threats, and zero-day attacks
• Collaborate with SOC Analysts, Incident Response, and Blue Team for remediation
• Develop and improve detection rules, use cases, and playbooks
• Document findings and provide threat intelligence reports
• Stay updated with emerging threats, attacker TTPs, and MITRE ATT&CK techniques

Required Skills

• Strong understanding of networking, operating systems (Windows/Linux), and security concepts
• Hands-on experience with SIEM tools (Splunk, QRadar, Sentinel, etc.)
• Experience with EDR/XDR solutions (CrowdStrike, Defender, Carbon Black, etc.)
• Knowledge of MITRE ATT&CK framework
• Log analysis and threat intelligence correlation
• Scripting skills (Python, PowerShell, Bash – preferred)
• Incident response and malware analysis basics

Preferred Qualifications

• 2–6 years of experience in SOC, Blue Team, or Threat Hunting
• Certifications such as GCED, GCIA, GCIH, CEH, or similar
• Experience with cloud security (AWS, Azure, GCP)
• Familiarity with SOAR tools and automation