Cybersecurity Threat Hunter

Bangalore, India

Job Summary

We are seeking a highly skilled and proactive Cybersecurity Threat Hunter to join our dynamic team focused on safeguarding our cloud-based healthcare solutions. The ideal candidate will be responsible for proactively identifying, investigating, and mitigating advanced cyber threats within a complex and highly regulated environment. This role demands deep technical expertise in adversary tactics, techniques, and procedures (TTPs), strong analytical capabilities, and the ability to leverage threat intelligence to detect and neutralize sophisticated cyber risks.

As a Threat Hunter, you will operate at the forefront of our cybersecurity defense, hunting for signs of malicious activity, advanced persistent threats (APTs), and insider risks across enterprise networks, endpoints, and cloud workloads. Your work will be critical in ensuring the integrity, confidentiality, and availability of sensitive healthcare data and systems.

Key Responsibilities

  • Proactively hunt for undetected threats, malicious activity, and adversary behavior within enterprise systems, healthcare environments, and cloud infrastructure.
  • Develop and execute advanced hunting queries across SIEM, EDR, NDR, and log management platforms to identify indicators of compromise (IoCs) and anomalous behavior.
  • Analyze network traffic, endpoint activity, and cloud workloads to detect and investigate potential security incidents.
  • Apply industry-standard frameworks such as MITRE ATT&CK and Cyber Kill Chain to map adversary behavior and enhance detection coverage.
  • Collaborate closely with SOC, Incident Response, and Threat Intelligence teams to validate, escalate, and remediate identified threats.
  • Develop and refine threat hunt hypotheses based on emerging TTPs, intelligence reports, and healthcare-specific threat landscapes.
  • Document hunting methodologies, findings, and lessons learned to support continuous improvement of security operations.
  • Recommend enhancements to detection rules, playbooks, and monitoring capabilities to strengthen organizational resilience.
  • Provide expert input into red team/blue team exercises and purple team initiatives to simulate real-world attack scenarios and improve defensive measures.
  • Mentor and train SOC analysts on advanced threat detection, investigation techniques, and threat hunting best practices.

Qualifications & Experience

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field; equivalent practical experience will be considered.
  • At least 8 years of experience in cybersecurity operations, SOC, incident response, or threat hunting, preferably within healthcare or highly regulated industries.
  • In-depth knowledge of adversary TTPs, malware analysis, lateral movement, and persistence mechanisms.
  • Hands-on experience with SIEM platforms such as LogRhythm, Splunk, Microsoft Sentinel, or QRadar; EDR tools including CrowdStrike, Defender ATP, or Carbon Black; and threat hunting solutions.
  • Proficiency in scripting and query languages such as Python, PowerShell, or SQL for automation and data analysis.
  • Familiarity with cybersecurity frameworks including MITRE ATT&CK and NIST CSF, and operational experience with threat intelligence feeds.
  • Strong analytical, investigative, and problem-solving skills, with the ability to work effectively under pressure.
  • Excellent communication and collaboration skills, with experience working in cross-functional teams.

Preferred Certifications:

  • GCFA (GIAC Certified Forensic Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • GCDA (GIAC Cyber Defense Analyst)
  • CHFI (Computer Hacking Forensic Investigator)
  • Microsoft Certified: Cybersecurity Architect Expert or similar cloud security certifications

What We Offer

  • A challenging and impactful role within a leading cloud solutions provider, focused on innovation and security excellence.
  • Opportunities for professional growth, skill development, and industry certification support.
  • A collaborative, forward-thinking work environment with a focus on cutting-edge technologies and best practices.
  • Competitive compensation and benefits package.

Note: This position requires adherence to KSA time zone working hours (Sunday to Thursday). Candidates must be capable of working independently and as part of a distributed, global team.