Job Description
Centurion is looking for multiple Threat Hunting Analysts for a remote opportunity
Role Title: Threat Hunting Analyst
Department: Cyber Security – Threat Detection and Response
Reports To: Associate Director, Threat Hunting
Role Purpose
- The Threat Hunting Analyst is responsible for proactively identifying malicious activity and emerging threats across the organization’s global technology environment before they result in material incidents.
- This role focuses on hypothesis-driven hunts, advanced analysis of security telemetry, and development of high-fidelity detections that enhance the organisation’s ability to detect and respond to sophisticated adversaries.
- The Threat Hunting Analyst works closely with Security Incident Response, SOC analysts, and Threat Intelligence to turn attacker tradecraft and knowledge of the environment into actionable hunts, detections, and security improvements.
Key Responsibilities
Proactive Threat Hunting
- Plan and execute hypothesis-driven hunts across endpoints, network, cloud, and identity platforms using SIEM, EDR, NDR, and other security telemetry sources.
- Use the MITRE ATT&CK framework and knowledge of adversary TTPs to design and prioritise hunt campaigns.
- Identify anomalous behaviours, stealthy attack patterns, and indicators of compromise that evade standard alerting.
Detection Engineering and Continuous Improvement
- Translate successful hunts into robust, high-quality detections, alert logic, and playbooks for SOC and Incident Response teams.
- Tune existing rules and playbooks to reduce false positives and improve signal-to-noise ratio.
- Contribute to documentation of hunt playbooks, detection use cases, and detection coverage maps.
Threat Intelligence Consumption
- Integrate internal and external threat intelligence into hunt hypotheses and detection logic.
- Monitor relevant threat actor activity, campaigns, and malware families targeting the organization and its sector.
- Provide feedback to Threat Intelligence teams on observed behaviors and collection gaps.
Incident Support
- Support Incident Response activities by assisting in scoping, impact assessment, and root cause identification when threats are discovered during hunts.
- Provide detailed analysis, timeline reconstruction, and artefact review to support containment and eradication actions.
Data Analysis and Tool Usage
- Use advanced search and query languages (e.g. KQL, SPL, SQL) to interrogate large volumes of security telemetry.
- Apply basic scripting or automation (e.g. Python, PowerShell) to support data enrichment, correlation, and hunt execution.
- Collaborate with platform owners (e.g. SIEM, EDR, cloud security platforms) to ensure appropriate data sources and visibility for effective hunting.
Reporting and Collaboration
- Document hunt plans, methodologies, findings, and detection improvements in a clear and repeatable format.
- Present hunt outcomes and insights to SOC, Incident Response, and other security stakeholders.
- Work with infrastructure, application, and cloud teams to validate findings and remediate root causes.
Qualifications, Skills and Experience
Required:
- Experience (typically 2–4 years) in at least one of the following areas: threat hunting, SOC operations, incident response, malware analysis, digital forensics, or security engineering.
- Practical experience with at least one enterprise SIEM (e.g. Splunk, Microsoft Sentinel) and one endpoint protection/EDR solution.
- Strong understanding of:
  - Network and endpoint security concepts (Windows, Linux; identity/Active Directory/Azure AD; common network protocols).
  - The MITRE ATT&CK framework and common adversary techniques (e.g. lateral movement, credential access, persistence).
  - Detection and alerting concepts, including correlation rules and playbooks.
- Ability to query and analyse large data sets using search / query languages (e.g. KQL, SPL, SQL).
- Strong analytical thinking, pattern recognition, and problem-solving skills.
- Clear written and verbal communication skills in English, with the ability to explain complex technical issues to both technical and non-technical audiences.
Preferred:
- Experience working in a global or highly regulated environment (e.g. healthcare, pharmaceuticals, financial services, critical infrastructure).
- Exposure to cloud platforms (e.g. Azure, AWS, GCP) and cloud security telemetry.
- Familiarity with UEBA, NDR, or identity security tools.
- Experience with scripting and automation (e.g. Python, PowerShell) to support hunts and data enrichment.
- Familiarity with digital forensics and incident response (DFIR) concepts (e.g. timelines, artefact analysis, memory/disk forensics).
- Relevant security certifications (e.g. GIAC GCDA, GCIA, GCIH, GCFR, Azure/AWS security certifications, or equivalent).
Key Competencies
- Strong investigative mindset and curiosity, with a focus on uncovering unknown threats rather than only responding to alerts.
- High attention to detail and rigor in documenting methods, assumptions, and findings.
- Collaborative approach to working with other cyber security teams, IT, and business stakeholders.
- Ability to manage multiple concurrent hunts and tasks, and to prioritize based on risk and business impact.
- Commitment to continuous learning about new threats, tools, and hunting techniques.