Lead Threat Hunter

Lead Threat Hunter

• We are one of the largest Cyber Security Teams in the Southern Hemisphere
• Fantastic opportunity to work with some of the best security minds in the industry

See yourself in our team:

The Cyber Threat Hunting team is a skilled and diverse group with a passion for DFIR, data analytics, and dissecting cyber threat actor behaviour. Our mission is to actively discover, and disrupt, adversarial operations that have evaded standard security controls, and operationalise the gathered intelligence to improve the Group's cyber resiliency. We are part of the Cyber Detection & Response function which is responsible for detecting, containing, and remediating cyber-attacks against the Group.

Team Values:

• We are committed to safeguarding a brighter future for all by contributing to a globally recognised, end-to-end security and resilience function that continually evolves and adapts as the world around us does.
• We take pride in seeking operational excellence through the optimised use of people, process, and technology.
• We take responsibility for our commitments and demonstrate leadership at every level of the team to drive high-quality outcomes which add value within the team, and the broader Group.

Do work that matters:

• Lead a high-performing threat hunting team that effectively contributes to the capability of the detection and response function to identify and respond to cyber-attacks.
• Co-ordinate the threat hunt team’s workload to maintain and execute a prioritised backlog of hypotheses aligned to threat intelligence.
• Oversee the process of findings management to ensure intelligence is disseminated in a timely manner and the progress of remediation is tracked and reported to management.
• Generate and execute hypothesis-based hunts, contributing to the threat hunt team’s operational targets and key result areas.
• Collaborate with internal teams to ensure hunt processes are aligned with the broader detection and response strategies.
• Collaborate with engineering teams to enhance platforms, automate tasks, and embed AI in to threat hunt processes to increase productivity.
• Mentor and support the development of the threat hunt team to foster a culture of continuous learning and innovation.
• Stay updated on emerging threats, APT groups, and attack vectors.

We are interested in people who have:

• Demonstrated experience in leading a Threat Hunt team, or similar roles in Incident Response, SOC, or other defensive / offensive disciplines.
• Expert knowledge and hands-on experience of investigating real-world cyber-attacks in various environments (on-premises and cloud).
• Exposure to offensive security principles and hacking techniques.
• Exposure to artificial intelligence and automation as it can be used to accelerate and enrich threat hunting.
• Familiarity with frameworks like PEAK, MITRE ATT&CK, and MITRE ATLAS.
• Practical experience with YARA, SIGMA, and SNORT rules.
• Understanding of the threat intelligence cycle and OSINT techniques.

Technical Requirements:

• Adversary tactics and techniques (MITRE ATT&CK)
• Threat hunting methodologies (PEAK)
• Security tools and monitoring (SIEM, EDR, IDS)
• Detection engineering and scripting
• Incident response and forensics
• Infrastructure, network, OS, and cloud expertise

Additional Desirable Skills:

• Coding experience using Python to create automation scripts.
• Familiarity with AI architecture and hunting for common attack techniques leveraging MITRE ATLAS.
• Experience developing Jupyter Notebooks for data modelling, analysis, and visualisation.
• Exposure to Agile and/or DevOps principles.
• Experience engineering detections based on attacker tradecraft and available telemetry.
• Relevant certifications such as GCFA, GCFR, GCIA, GEIR, GCDA, OSCP are a plus.