Jobs · Business Development · California

Threat Hunter

TENEX.AI · San Jose, CA · 1 wk ago
HybridBusiness DevelopmentFull-time

Key Responsibilities

  • Threat Hunting
    • Proactively search for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by threat actors.
    • Analyze and correlate security telemetry from various sources, including SIEM, EDR, network logs, and threat intelligence feeds.
    • Conduct threat modeling and hypothesis-driven investigations to uncover hidden threats.
    • Collaborate with SOC analysts and incident responders to investigate and contain security incidents.
    • Develop and refine detection rules, signatures, and threat hunting methodologies.
    • Stay ahead of emerging threats by researching new attack vectors, adversary techniques, and malware trends.
    • Provide detailed reports on findings, including mitigation strategies and recommendations.
    • Contribute to the continuous improvement of threat detection capabilities through automation and AI-driven analysis.
  • Threat Monitoring & Detection
    • Monitor security alerts and events across the enterprise network, using both traditional cybersecurity tools and AI/ML-powered threat detection systems.
    • Leverage Google Chronicle's capabilities for threat intelligence and log analysis, enhancing visibility and providing insights into potential security incidents.
    • Apply AI to identify patterns, anomalies, and behaviors indicative of potential security incidents, reducing false positives and improving detection accuracy.
  • Incident Response & Analysis
    • Investigate and analyze security incidents and breaches, leveraging AI to automate initial analysis and enhance threat hunting efforts.
    • Utilize Google SecOps and Chronicle's advanced tools to centralize security data, correlate events, and accelerate incident response workflows.
    • Apply machine learning algorithms to identify emerging threats and trends, providing actionable insights for incident response.
  • Google SecOps & Chronicle Integration
    • Work with Google SecOps platform tools to streamline security operations, improve threat visibility, and automate workflows.
    • Collaborate with IT, Security, and Data Science teams to integrate Google Chronicle’s capabilities into the SOC, enhancing threat detection and incident resolution.
    • Optimize Google Chronicle for log management, threat hunting, and advanced analytics.
  • Security Automation
    • Develop and maintain automated workflows for common security incidents, leveraging AI for intelligent decision-making and faster response times.
    • Automate routine SOC tasks such as log analysis, incident classification, and threat intelligence enrichment using Google SecOps and Chronicle integrations.
  • Reporting & Documentation
    • Create detailed incident reports, risk assessments, and threat intelligence summaries, integrating AI-driven findings and insights.
    • Prepare regular performance and security posture reports for internal stakeholders, highlighting key AI-driven improvements and threat mitigation outcomes.
  • Collaboration & Knowledge Sharing
    • Work closely with cross-functional teams (e.g., IT, Customer Success, DevOps, Engineering, Data Science) to promote and improve AI-driven security initiatives and improve the customers' overall security posture.
    • Share knowledge of AI-powered security techniques and Google SecOps tools with SOC team members to enhance their capabilities in threat detection and incident response.

    Qualifications

    • Education: Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
    • Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.
    • Experience: 3+ years of experience in a Threat Hunting, Security Operations Center (SOC) or a similar security-focused role.
    • Strong understanding of attacker methodologies, malware analysis, and digital forensics.
    • Hands-on experience with security tools such as SIEM, EDR, SOAR, and forensic analysis platforms.
    • Proficiency in scripting languages (Python, PowerShell, etc.) for automating threat detection and analysis.
    • Interest in applying automation and/or artificial intelligence and machine learning techniques to cybersecurity tasks, such as threat detection, anomaly detection, and security automation.
    • Hands-on experience with security analytics, log management, threat hunting, and incident response.
    • Hands-on experience with Google SecOps platform (Google Chronicle) is a strong plus.
    • Hands-on experience with the Microsoft security platform (Sentinel, Defender) is a plus.

    Technical Skills

    • Strong understanding of cybersecurity concepts and frameworks (e.g., NIST, Mitre, ISO, Killl Chain).
    • Experience with AI/ML tools for cybersecurity, such as intrusion detection systems (IDS), SIEM tools, and security automation platforms.
    • Proficiency in scripting languages (e.g., Python, PowerShell) for automation and integration.
    • Knowledge of security technologies such as firewalls, endpoint protection, IDS/IPS, and threat intelligence platforms.
    • Practical experience working with Google SecOps tools and Chronicle for centralized threat intelligence and event correlation a plus.

    Soft Skills

    • Strong analytical and problem-solving skills.
    • Team player, ability to work with internal teams and external customers.
    • Ability to work under pressure in a fast-paced, dynamic environment.

    Preferred Skills

    • Experience with security orchestration, automation, and response (SOAR) platforms.
    • Exposure to cloud security platforms (e.g., AWS, Azure, Google Cloud) and the associated risks.

Similar jobs