Role: Threat Hunter
Client: Investment Bank
Location: London, 5 days initially, reducing to 3.
Engagement: Contract -> Perm conversion
Rate/Salary: TBC, with a view to convert.
Requirements:
Proactively hunt for advanced threats across endpoints, network, cloud, and identity using telemetry from SIEM/XDR/EDR and threat intelligence.
Build and refine hypothesis-driven hunts (MITRE ATT&CK mapped), identifying attacker TTPs, abuse paths, and suspicious behaviors.
Perform deep-dive investigations and root cause analysis on anomalous activity, confirming impact, scope, and dwell time.
Develop and tune high-fidelity detections (queries/rules/use-cases) and reduce noise through continuous SIEM/XDR optimisation.
Lead incident response support for high-severity events: containment recommendations, eradication guidance, and post-incident improvements.
Create threat intel–informed hunting playbooks and contribute to purple teaming, tabletop exercises, and adversary emulation.
Produce clear, executive-ready reporting and write-ups: findings, risk, remediation actions, and measurable outcomes.
Collaborate with SOC, engineering, and IAM/cloud teams to close gaps (logging, visibility, hardening) and improve security posture.