Lead Threat Hunting Specialist with AI capabilities

EPAM·Kazakhstan, Uzbekistan, Armenia, Georgia, Belarus·Удалённо·5д. назад

We are seeking a Lead Threat Hunting Specialist with AI capabilities who will proactively identify, investigate and mitigate advanced cyber threats targeting the organization by conducting hypothesis-driven threat hunting across enterprise environments. The role involves analyzing attacker tactics, techniques and procedures (TTPs) to detect stealthy or previously unknown threats, supporting incident response activities through deep investigative insights and contributing to the continuous enhancement of detection and defense capabilities.

Responsibilities

Conduct proactive threat hunting across endpoints, networks, cloud platforms and security data sources to identify hidden threats and anomalous behavior
Develop and execute threat hunting hypotheses based on intelligence, indicators of compromise (IOCs) and attacker TTPs
Analyze large datasets including logs, endpoint telemetry, network traffic and threat intelligence feeds to detect malicious activity
Identify advanced persistent threats (APT), insider threats and sophisticated attack patterns that bypass traditional security controls
Perform deep-dive investigations into suspicious activities and support incident response teams during active incidents
Reverse-engineer attack behaviour and analyse malware artifacts where required to understand adversary activity
Develop custom detection logic, queries and use cases (e.g., SIEM, EDR, XDR) to enhance visibility and detection coverage
Continuously refine and improve threat hunting methodologies, playbooks and standard operating procedures
Leverage threat intelligence to identify emerging threats relevant to the client and align hunting activities accordingly
Conduct memory analysis, log correlation and network forensics to validate potential threats
Collaborate with SOC, Incident Response, Digital Forensics and Threat Intelligence teams to strengthen detection and response capabilities
Document threat hunting findings, including identified threats, detection gaps and remediation recommendations; develop and maintain dashboards and reporting for stakeholders; participate in simulation exercises, red/purple team activities and breach and attack simulations

Requirements

Bachelor's degree in Information Security, Computer Science, Cybersecurity or equivalent
9 years of experience in cybersecurity, with strong focus on threat hunting, incident response or security operations
Expertise in proactive threat hunting across endpoints, networks and cloud platforms
Proficiency in analysing logs, endpoint telemetry and network traffic
Skills in reverse-engineering attack behaviour and malware artifact analysis
Competency in developing custom detection logic, queries and use cases for SIEM, EDR and XDR
Knowledge of memory analysis, log correlation and network forensics
Understanding of advanced persistent threats (APT), insider threats and attacker TTPs
Familiarity with threat intelligence feeds and indicators of compromise (IOCs)
Capability to work within, or very close to, UAE business hours
English proficiency at B2 level or higher

Nice to have

Certified Information Systems Security Professional (CISSP)
GIAC Certified Incident Handler (GCIH) or GIAC Certified Forensic Analyst (GCFA)
Certified Threat Intelligence Analyst (CTIA)
Certified Ethical Hacker (CEH) or Certified Reverse Engineering Analyst (CREA)
CompTIA Security+