Senior Analyst - Cyber Threat Hunter
The Opportunity
The Cyber Threat Hunter proactively looks for advanced threats that are not caught by traditional security controls. The Threat Hunter will build and validate hypotheses across endpoint, network, cloud, and identity data, then work with detection engineers and penetration testers to translate what they learn into new or tuned detections, playbooks, and monitoring improvements. This is a hands-on role for an analyst with solid SOC/IR or detection experience who enjoys investigative work more than reacting solely to alerts.
Responsibilities
- Perform data-driven threat hunting and investigations across EDR, SIEM, identity (AD/Azure AD/IdP), cloud (Azure/AWS/GCP), email, DNS and web proxy logs to identify credential abuse, lateral movement, admin tool abuse, cloud/identity misuse, C2 and exfiltration patterns
- Establish and refine behavioral baselines for key users, systems and applications, using those baselines to distinguish normal but noisy activity from genuinely suspicious behavior
- Convert successful hunts into candidate detections (rules, analytics, scheduled queries, watchlists) and work with detection engineers/other hunters to test and tune detections by simulating attacker behavior and reducing noise before rollout
- Build and prioritize hunt hypotheses based on CTI, recent campaigns, pentest findings, new technology rollouts and known gaps, and plan required data sources, time ranges and techniques for each hunt
- Collaborate with CTI, SOC/Incident Response and pentesters to operationalize intelligence into concrete hunts, support high-priority investigations and verify that previously exploited attack paths are now visible and detectable
- Maintain a hunt backlog and documentation of hypotheses, methods and outcomes; develop repeatable playbooks and investigative patterns; and provide written summaries and briefings to security leadership and partner teams
Requirements
- Bachelor’s degree in Cybersecurity or Computer Science
- Master’s degree in Cybersecurity or Computer Science
- 3–5 years of experience in roles such as SOC analyst, incident responder, detection engineer, or threat hunter, with demonstrable experience analyzing security telemetry
- 4+ years of experience in roles such as SOC analyst, incident responder, detection engineer, or threat hunter, with demonstrable experience analyzing security telemetry
- Hands-on experience performing data-driven threat hunting and investigations across EDR, SIEM/log analytics, identity (AD/Azure AD/IdP), cloud (Azure/AWS/GCP), email, DNS and web proxy logs
- Proficiency with SIEM / log query languages (e.g., KQL, S1QL) for building and refining ATT&CK-aligned hunting queries and analytics
- Solid understanding of attacker TTPs and the MITRE ATT&CK framework, especially credential abuse, lateral movement, misuse of administrative tools, cloud/identity abuse, command and control, and data exfiltration
- Certifications preferred: GCDA, GCIH, SC-200
Preferred Qualifications
- Master’s degree in Cybersecurity, Computer Science, or a related field
- 7+ years of offensive security or penetration testing experience
- Certifications such as OSCP, GPEN, GXPN, CEH, eCPPT, eWAPT, CPENT or equivalent
- Familiarity with secure SDLC practices and contributing to security standards and playbooks
- Experience testing AI/ML-enabled systems and identifying AI-specific abuse cases
Work Mode & Environment
- Location: Kraków, Poland
- Working Days: Monday to Friday
- Working Hours: 9 am to 5 pm
- Hybrid work: 2 days in office and 3 days remote
Why Join Us
- Be part of a global cybersecurity team protecting a dynamic enterprise environment.
- Opportunity to work with modern security technologies and drive tool innovation.
- Collaborative culture with professional development opportunities.
- Hybrid work model with our Kraków office as the primary location.