Staff Threat Hunter
TENEX.AI · United States · 1 wk ago
RemoteRemoteBusiness DevelopmentFull-time
About the role
As Staff Threat Hunter, you'll own how TENEX hunts — the methodology, the tooling, the hypotheses, and the conversion of hunt findings into production detections. You'll work across multi-tenant MDR telemetry in Google SecOps / Chronicle, partnering with detection engineering to close the gaps automated alerting misses.
Responsibilities
- Lead proactive, hypothesis-driven hunts.
- Run investigations across SIEM, EDR, network, and identity telemetry to surface the threats automated detection misses.
- Own the hunt methodology.
- Build, document, and refine the playbooks the team runs from.
- Decide what gets hunted, on what cadence, and how findings convert into permanent detections.
- Drive the detection engineering partnership.
- Work directly with detection engineers to turn hunt findings into production rules and analytics in Google SecOps / Chronicle.
- Operationalize Threat Intelligence.
- Track adversary TTPs relevant to our customer base, prioritize what matters, and translate intel into hunt hypotheses.
- Mentor SOC analysts and junior hunters.
- Pair on investigations, lead technical deep-dives, and grow the team's hunt capability.
- Lead complex incident investigations.
- When a hunt surfaces a real intrusion, run the technical investigation alongside incident response through containment.
- Report on program outcomes.
- Communicate findings to customers and internal stakeholders — what was found, what was contained, where the detection coverage gap was, and what we changed.
Requirements
- 8+ years in threat hunting, SOC, or incident response, with at least 3 in a senior/lead capacity.
- Deep hands-on experience running hypothesis-driven hunts across SIEM and EDR telemetry in enterprise or MDR environments.
- Strong command of attacker TTPs and MITRE ATT&CK — you can map an intrusion from initial access through impact and explain the detection gap at each stage.
- Scripting fluency in Python and/or PowerShell for hunt tooling, telemetry parsing, and detection automation.
Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, or Engineering, or a related field (or equivalent experience).
- Relevant certifications such as GCIH, GCFA, GCDA, OSCP, CISSP, AWS / GCP, or Splunk / Chronicle / Sentinel certifications are a plus.