We’re not looking for someone who waits for alerts.
We’re looking for someone who assumes we are already compromised and
goes hunting.
As a Senior Threat Hunter, you will proactively identify advanced threats,
hidden attacker behaviours, and security blind spots across endpoint, cloud,
identity, and SaaS environments. You will operate at the intersection of threat
intelligence, detection engineering, and incident response — building
capabilities, not just running playbooks.
This role is for someone who thinks like an adversary, moves fast, and isn’t
satisfied with “no alerts found” as an answer.
Key Responsibilities:
• Design and run aggressive, hypothesis -driven threat hunting campaigns
• Identify stealthy TTPs that bypass EDR, SIEM rules, and traditional detections
• Hunt across multi -cloud, identity systems, endpoints, and network telemetry
• Translate intelligence into detection logic and production -grade analytics
• Break existing detection systems and make them better
• Build reusable hunting playbooks and automation workflows
• Reduce dwell time and close telemetry blind spots
• Partner closely with DFIR and red team to simulate real -world attack paths
• Mentor SOC analysts and elevate overall detection maturity
Requirements
Skills and Qualifications:
• 6+ years in cybersecurity with deep hands -on experience
• 2–4 years in threat hunting, DFIR, red teaming, or advanced SOC roles
• Strong command of MITRE ATT&CK and attacker tradecraft
• Advanced query skills (KQL, SPL, SQL)
• Experience with SIEM (Sentinel, Splunk, QRadar), EDR/XDR (CrowdStrike,
Defender, SentinelOne), and cloud telemetry
• Strong understanding of identity attacks, lateral movement, privilege
escalation, persistence mechanisms
• Ability to script in Python / PowerShell to automate investigations
• Experience in hybrid cloud (AWS, Azure, GCP) and SaaS monitoring
Bonus If You’ve Done:
• Purple team exercises
• Adversary emulation
• Detection engineering from scratch
• AI -assisted detection or anomaly modelling
• Built hunting programs in a fast -growing company
Mindset We Value:
• You question assumptions
• You treat “normal behaviour” as suspicious until proven otherwise
• You move fast but document cleanly
• You can explain complex attack chains to both engineers and leadership
• You don’t hide behind tools — you understand what’s happening under the
hood
Why This Role Is Different:
• You won’t just operate tools. You’ll influence architecture.
• You won’t just investigate alerts. You’ll design detections.
• You won’t just follow a SOC process. You’ll help redefine it.
If you’re the kind of hunter who gets excited about uncovering something no
one else saw, this will feel like home.
Benefits
What We Offer:
• Competitive salary and benefits package.
• Opportunities for professional growth and advancement.
• Exposure to cutting -edge technologies and projects.
• A collaborative and supportive work environment.
How to Apply: Interested candidates should submit a detailed resume and a
coverletter outlining their qualifications and experience relevant to the role
applied for. Applications should be sent via our careers portal or to
[email protected]
St. Fox is an Equal Opportunity Employer. We celebrate diversity and are
committed to creating an inclusive environment for all employees.