Cybersecurity Threat Hunter

West Monroe isn't a start-up firm, but we act like one. 

From day one, our people have the opportunity to make a definitive personal impact for their clients and their careers. What does this mean? It means we seek out the best of the best, and then we challenge them to make us better. 

If you are looking to be a "behind the scenes" technologist, this isn't the place for you. We celebrate driven professionals who thrive in a collaborative environment. We are a team of enthusiasts who are always focused on improving our execution and our client's performance. Sound interesting? Then West Monroe Partners might be the place for you. 

Think you're up to the challenge? 

West Monroe is currently seeking a Cybersecurity Threat Hunter to proactively identify, analyze, and mitigate advanced cyber threats targeting our organization. This role is integral to our security operations team, focusing on threat hunting, incident response, forensic investigations, and recovery efforts to strengthen our cybersecurity resilience. The ideal candidate possesses a deep technical understanding of adversary tactics, techniques, and procedures (TTPs), along with hands-on experience in cyber incident detection, containment, and remediation.  

Qualifications: 

• 5+ years of experience in cybersecurity roles, with a focus on threat hunting, incident response, and forensic investigations.  
• Deep understanding of cyber attack lifecycle, adversary behaviors, and advanced threats (e.g., MITRE ATT&CK, Cyber Kill Chain).  
• Experience with SIEM (Splunk, Azure Sentinel.), EDR (CyberReason, Microsoft Defender.), SOAR, and forensic tools.  
• Proficiency in log analysis, network traffic analysis (PCAP, NetFlow), and endpoint telemetry for threat detection.  
• Hands-on expertise in memory forensics, disk forensics, malware analysis, and triage investigations. 
• Strong scripting and automation skills (Python, PowerShell, Bash, etc.).  
• Knowledge of cloud security principles (AWS, Azure, GCP) and cloud-native threat detection methodologies.  
• Ability to work under pressure and rapidly respond to high-severity security incidents. 

Specific skills include, but are not limited to, the ability to: 

Proactive Threat Hunting & Threat Intelligence 

• Conduct proactive threat-hunting using SIEM, EDR, and threat intelligence platforms to detect indicators of compromise (IOCs) and advanced persistent threats (APTs). 
• Develop custom detection rules and analytics based on MITRE ATT&CK, TTPs, and anomaly-based behaviors. 
• Identify gaps in security monitoring and work with SOC and engineering teams to improve detection capabilities. 
• Ability to correlate threat intelligence with internal telemetry to identify emerging threats. 

Incident Response & Recovery 

• Lead incident response investigations, including root cause analysis, containment, eradication, and recovery of impacted systems. 
• Perform digital forensics and malware analysis to understand attack vectors and minimize dwell time. 
• Develop and maintain incident response playbooks, forensic methodologies, and breach response strategies. 
• Collaborate with cross-functional teams to ensure effective business recovery and resilience following security incidents. 

Security Analytics & Automation 

• Leverage SIEM, SOAR, and EDR/XDR solutions to correlate security events and streamline threat-hunting workflows. 
• Automate common investigative tasks to improve efficiency and reduce manual overhead. 
• Continuously assess and refine incident detection and response procedures to stay ahead of evolving threats. 
• Experience securing and monitoring network protocols (e.g., DNS, HTTP, SMB) to identify abnormal traffic patterns. 

Vulnerability & Risk Management 

• Work closely with vulnerability management teams internally and with external MSSP partners to identify and prioritize remediations based on real-world exploitability. 
• Assess and improve endpoint, network, and cloud security configurations to mitigate security risks. 

Collaboration & Reporting 

• Provide management-level briefings and technical reports on threat hunting findings, incidents, and security trends. 
• Collaborate with MSSP, security architects, and SOC analysts to enhance defensive security strategies. 
• Participate in tabletop exercises, purple team engagements, and post-mortem reviews to enhance incident response preparedness. 

Education & Certification Requirements 

Required Education: 

• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field. 
• Equivalent work experience may be considered in lieu of a degree for highly qualified candidates. 

Required Certifications (At least one): 

• GIAC Certifications: GCIH (Incident Handler), GCFA (Forensic Analyst), GNFA (Network Forensics), GREM (Reverse Engineering Malware), or GCIA (Intrusion Analyst). 
• Offensive Security Certifications: OSCP, CRTO, GPEN, or similar. 
• Cloud Security Certifications: AWS Security Specialty, Azure Security Engineer, or equivalent. 

Preferred Certifications (Bonus): 

• CISSP, CISM, or other industry-recognized security certifications. 
• CEH, CHFI, or similar for additional forensic and ethical hacking expertise.