Gdansk
1 day ago
Senior Threat Hunter

Position Overview:

CyberProof is seeking a Senior Threat Hunter with strong development skills—particularly in Python and Jupyter Notebooks—to join our growing Managed Services team. This role is ideal for someone who combines deep investigative expertise with the ability to design, build, and automate advanced hunting tools and workflows.

You will be responsible for developing scalable, repeatable, and automated hunting environments, enabling advanced data analysis across large-scale telemetry sources.

Key Responsibilities:

Threat Hunting & Analysis:

Research the latest threat trends, APT campaigns, and emerging TTPs to develop hypothesis-driven hunt packages mapped to MITRE ATT&CK.

Perform proactive hunting across network, endpoint, and cloud datasets to identify indicators of compromise or malicious activity.

Conduct anomaly detection, behavioral analysis, and pattern recognition in complex datasets.

Development & Automation:

Build, optimize, and maintain custom Jupyter-based hunting environments.

Develop reusable Python modules, APIs, and automation frameworks to support large-scale hunting workflows.

Create and maintain data pipelines integrating multiple telemetry and threat intelligence sources.

Automate and schedule hunting notebooks using Azure ML pipelines, jobs, or similar orchestration frameworks.

Implement data validation, normalization, and correlation layers for accurate and repeatable hunt execution.

Reporting & Collaboration:

Produce structured reporting, dashboards, and visualizations using Python libraries (e.g., pandas, jinja2).

Collaborate with Threat Intelligence, Detection Engineering, and Use Case Management teams to align hunting outcomes with detection coverage.

Generate weekly, monthly, and ad-hoc threat hunting reports summarizing hypotheses, findings, and recommendations.

Requirements:

Education & Experience:

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.

5+ years of experience in Cyber Threat Hunting, Detection Engineering, or Incident Response.

Strong background in forensics and investigations across network, endpoint, and cloud logs.

Technical Skills:

Deep understanding of adversary TTPs, threat actor behavior, and attack frameworks (especially MITRE ATT&CK).

Experience with SIEM, EDR, data lake, and telemetry platforms.

Strong knowledge of Windows, Linux/Unix, and cloud environments (AWS, GCP, Azure).

Skilled in analyzing network traffic, packet captures, and large-scale log datasets.

Proven experience designing and maintaining advanced Jupyter Notebooks for threat hunting.

Strong proficiency in Python, particularly libraries used for data science (e.g., Pandas, MsticPy).

Understanding of modern CI/CD pipelines and automated analysis environments.

Experience in developing tools for detection validation, rule deployment, or telemetry analysis pipelines.

Soft Skills:

Strong critical thinking, analytical mindset, and an innovative approach to threat hunting.

Excellent written and verbal communication skills, able to convey findings to both technical and non-technical stakeholders.

Excellent time management, organization, and attention to detail.

Nice to Have:

Experience integrating Jupyter workflows with Cybereason, Sentinel, Microsoft Defender, CrowdStrike, or similar tools.

Relevant certifications (e.g., GCIH, GCFA, GREM, OSCP, CEH) are an advantage.
