Added: 2025-05-28 13:26.00
Updated: 2025-05-30 03:36.29

Threat Hunter

Pruszków, Masovian Voivodeship, Poland

Type: n/a

Category: Finance & Accounting

Requirements: English
Company: CQURE
Region: Pruszków, Masovian Voivodeship

About CQURE:
CQURE is a provider of specialized IT security services such as advanced penetration testing, security audits, and forensic IT investigations. CQURE experts also conduct conference sessions and training programs for international organizations and top management. Our clients range from small businesses to global corporations in Europe, the USA, the Middle East, Southeast Asia, and Africa. We provide services to various industries, including government organizations, financial institutions, military units, healthcare organizations, ministries, airlines, and more.

About the role:
We are seeking a skilled Threat Hunter to proactively identify, analyze, and mitigate advanced cyber threats across enterprise environments. This role requires deep expertise in various Security Information and Event Management (SIEM) systems, threat intelligence, and endpoint detection and response (EDR) platforms. The ideal candidate will work with multiple security tools, conduct Advanced Threat Hunting (ATH), and improve detection capabilities.

Responsibilities:
- Proactively hunt for advanced persistent threats (APTs), malware, and insider threats within enterprise environments.
- Analyze security telemetry from various sources, including SIEM, EDR, XDR, and cloud security tools, to detect and investigate anomalies.
- Develop and optimize hunting queries, detections, and automation in SIEMs and threat-hunting platforms.
- Conduct forensic investigations on suspicious activity using logs, memory analysis, and behavioral analytics.
- Leverage threat intelligence to correlate security incidents and improve detection strategies.
- Collaborate with incident response (IR) teams to remediate and mitigate threats.
- Identify gaps in security monitoring, recommend improvements, and implement threat detection enhancements.
- Research and implement new hunting methodologies based on emerging threats and attacker tactics, techniques, and procedures (TTPs).
- Develop detection rules, scripts, and custom SIEM queries to improve security monitoring.
- Document threat-hunting findings, create reports, and present to stakeholders.

Requirements:
- 6 years of experience in providing cybersecurity services or training
- Expert-level IT skills and knowledge (cybersecurity)
- Vast experience in IT infrastructure management, deployment, and testing
- Interest in IT security, cloud solutions, network security, and server administration technologies
- Bachelor's degree in Information Technology or a related field of study
- English (at least B2 level)

Certifications (preferred but not required):
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Operations Certified (GSOC)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Splunk Core Certified Power User
- AWS Certified Security - Specialty
- Certified Information Systems Security Professional (CISSP)

Work environment expectations:
- Ability to work in a 24/7 SOC or threat-hunting team as required.
- Flexibility to adapt to evolving cyber threats and changing hunting techniques.
- Strong desire for continuous learning and staying up to date with cyber threat intelligence.

SIEM platforms (experience with 2 or more is preferred):
- Microsoft Sentinel
- Splunk Enterprise Security
- IBM QRadar
- CrowdStrike solutions
- ArcSight (OpenText Security Operations)
- Chronicle SIEM (Google Cloud)
- LogRhythm
- Securonix Next-Gen SIEM

Threat hunting and detection platforms:
- Microsoft Defender Threat Hunting (Advanced Hunting - KQL)
- Microsoft Defender XDR
- CrowdStrike Falcon Insight
- Palo Alto Cortex XDR
- SentinelOne Singularity
- Elastic Security (Kibana queries for threat hunting)
- VMware Carbon Black Response
- RSA NetWitness

Cloud security monitoring:
- Azure Security Center / Microsoft Defender for Cloud
- AWS GuardDuty / Security Hub
- Google Chronicle / Security Command Center
- Cisco SecureX

Threat intelligence and forensic tools:
- MITRE ATT&CK framework (for mapping TTPs)
- MISP (Malware Information Sharing Platform)
- Wireshark (network traffic analysis)
- Volatility, etc. (memory analysis)
- Sysmon, Windows Event Logs (log analysis)

Form of employment:
- Flexible form of employment (B2B, employment contract)
- Hybrid or in the office in Warsaw Centre
- Flexible working hours

Salary: based on experience and skill set (12 000 to 20 000 PLN net)

Benefits:
- Working with top IT specialists on international projects
- Many challenges, opportunities for development, and task variety: every project is different!
- Competitive salary and stable employment conditions
- A relaxed work atmosphere, flexible working hours, and no dress code policy
- A cafeteria system (points can also be exchanged for shopping/travel vouchers, movie/theater tickets, etc.) and/or a subsidized MultiSport card (preferential conditions for accompanying persons): you decide what you choose!
- Subsidized private medical care and the possibility of including family members on preferential terms
- A modern office with weekly team lunches and daily enjoyment of specialty coffee