Key Responsibilities

• Proactive Threat Hunting:
• Identify stealthy threats and advanced persistent threats (APTs) that bypass traditional detection systems
• Conduct proactive threat hunting across endpoints, networks, and cloud environments
• Analyze telemetry data to identify anomalous activity and advanced persistent threats (APTs)
• Hypothesis Development:
• Build and test hypotheses based on threat trends and attacker behavior
• Threat Intelligence Integration:
• Use threat intelligence to correlate suspicious indicators with potential adversary tactics
• Leverage internal and external intelligence feeds to enrich hunting campaigns
• Stay current on emerging threats, vulnerabilities, and attack methodologies
• Familiar with the most well-known ATP targeting banking sector and their TTPs
• Tooling & Automation:
• Develop custom scripts, queries, and detection logic using Python, PowerShell, and YARA
• Collaboration:
• Collaborate with SOC, GRC and Incident Response teams to strengthen detection capabilities, to escalate and remediate threats effectively
• Reporting & Documentation:
• Produce detailed reports and visualizations for technical and non-technical stakeholders

Required Skills & Qualifications

• 5+ years of hands-on cybersecurity experience, including at least 2 years of threat hunting, incident response, or red teaming
• Strong understanding of attacker techniques and tactics (MITRE ATT&CK, kill chain methodology)
• Experience with SIEM (Splunk, QRadar, LogRhythm), XDR (CrowdStrike, SentinelOne, Cortex), NDR (Darktrace, Vectra AI) , and threat intel platforms
• Expertise in log analysis, behavioral analytics, and anomaly detection
• Experience in scripting languages: Python, PowerShell, Bash
• Familiarity with banking-specific threats: ATM malware, SWIFT network compromises, credential stuffing in online banking
• Excellent analytical, problem-solving, and communication skills
• Bachelor’s degree in Computer Science, Cybersecurity, or related field (preferred but not mandatory)

Desirable Extras

• Certifications: GCTI, GCFA, OSCP or equivalent
• Experience with threat hunting platforms and threat intel feeds
• Experience with underground cybersecurity criminal forums
• Previous experience in financial or banking sector cybersecurity operations

Show more
Show less