Threat Hunter
CNA Insurance · Chicago, IL · 2 wk ago
HybridManagement$97k–$189k/yrFull-time
Essential Duties & Responsibilities
- Leads and conducts real-time and historical analysis using the full security suite including Endpoint Protection, SIEM, Firewall, EDR, IDS, Email Gateway, Web Content Filtering, and Identity Management technologies.
- Conducts incident response triage analysis on suspected hosts to determine potential attacks and scope.
- Conducts threat hunting operations based on the latest threat intelligence.
- Creates strategies for enterprise-wide hunts based on triage findings and intelligence efforts.
- Maintains awareness of emerging attack tactics, techniques, and procedures.
- Collaborates with SOC, Threat Intelligence, Incident Response, and Enterprise Security teams.
- Identifies visibility gaps and recommends improvements.
- Manages day-to-day SOC monitoring, investigations, response, and intelligence activities.
- Collaborates in coordinating escalation for advanced forensics and malware reverse engineering.
- Communicates security incidents clearly to business and non-technical stakeholders.
Skills, Knowledge & Abilities
- In-depth knowledge of SIEM, IDS/IPS, web proxies, DLP, CASB, DNS security, DDoS protection, and firewalls.
- Advanced experience with forensic tools for OS artifact, memory, and network analysis.
- Strong understanding of malware, reverse engineering principles, and network protocols.
- Demonstrated ability to build, execute, and lead enterprise threat hunting programs.
- Ability to work collaboratively in high-pressure incident response environments.
- Demonstrated ability to apply artificial intelligence and machine-learning techniques to threat hunting, including use of LLMs, UEBA, and statistical models to surface anomalous behavior, enrich low-signal telemetry, and accelerate hypothesis-driven hunts across large enterprise datasets.
- Experience evaluating, tuning, and operationalizing AI-enabled security capabilities (e.g., AI-assisted SIEM, EDR/XDR, and detection engineering workflows), with an understanding of model limitations, bias, false-positive risk, and the need for analytically defensible outcomes suitable for executive, legal, and regulatory review.
Education & Experience
- Bachelor’s degree in Computer Science or related discipline, or equivalent experience.
- Typically a minimum of 10 years of experience in cyber monitoring, threat hunting, incident response, forensics, or related disciplines.
Benefits
CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA’s benefits, please visit cnabenefits.com.