    Threat Hunter

    Salary: 12 000 - 20 000 PLN/month (net per month)
    Type of work: Full-time
    Experience: Mid
    Employment Type: Any
    Operating mode: Hybrid

    Tech stack

    • English: C1
    • Polish: C2
    • Cybersecurity: master
    • Server Administration: advanced
    • Cloud security: regular
    • Scripting: regular
    • Network Security: regular

    Job description

    Online interview

    CQURE is a provider of specialized IT security services such as advanced penetration testing, security audits, and forensic IT investigations. CQURE experts also conduct conference sessions and training programs for international organizations and top management. Our clients range from small businesses to global corporations in Europe, the USA, the Middle East, Southeast Asia, and Africa. We provide services to various industries, including government organizations, financial institutions, military units, healthcare organizations, ministries, airlines, and more.


    We are seeking a skilled Threat Hunter to proactively identify, analyze, and mitigate advanced cyber threats across enterprise environments. This role requires deep expertise in various Security Information and Event Management (SIEM) systems, threat intelligence, and endpoint detection and response (EDR) platforms. The ideal candidate will work with multiple security tools, conduct Advanced Threat Hunting (ATH), and improve detection capabilities.


    Responsibilities:

    • Proactively hunt for advanced persistent threats (APTs), malware, and insider threats within enterprise environments.
    • Analyze security telemetry from various sources, including SIEM, EDR, XDR, and cloud security tools to detect and investigate anomalies.
    • Develop and optimize hunting queries, detections, and automation in SIEMs and threat-hunting platforms.
    • Conduct forensic investigations on suspicious activity, using logs, memory analysis, and behavioral analytics.
    • Leverage threat intelligence to correlate security incidents and improve detection strategies.
    • Collaborate with incident response (IR) teams to remediate and mitigate threats.
    • Identify gaps in security monitoring, recommend improvements, and implement threat detection enhancements.
    • Research and implement new hunting methodologies based on emerging threats and attacker tactics, techniques, and procedures (TTPs).
    • Develop detection rules, scripts, and custom SIEM queries to improve security monitoring.
    • Document threat-hunting findings, create reports, and present to stakeholders.


    Requirements:

    • 6+ years of experience in providing cybersecurity services or training,
    • Expert level IT skills and knowledge (cybersecurity),
    • Vast experience in IT infrastructure management, deployment and testing,
    • Interest in IT security, cloud solutions, network security and server administration technologies,
    • Bachelor's Degree in Information Technology or related field of study,
    • English (at least B2 level).


    Certifications (Preferred but not required):

    • GIAC Certified Threat Intelligence Analyst (GCTI)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Security Operations Certified (GSOC)
    • Microsoft Certified: Security Operations Analyst Associate (SC-200)
    • Splunk Core Certified Power User
    • AWS Certified Security – Specialty
    • Certified Information Systems Security Professional (CISSP)


    Work Environment & Expectations:

    • Ability to work in a 24/7 SOC or threat-hunting team as required.
    • Flexibility to adapt to evolving cyber threats and changing hunting techniques.
    • Strong desire for continuous learning and staying updated with cyber threat intelligence.


    SIEM Platforms (Experience with 2 or more is preferred):

    • Microsoft Sentinel
    • Splunk Enterprise Security
    • IBM QRadar
    • Crowdstrike solutions
    • ArcSight (OpenText Security Operations)
    • Chronicle SIEM (Google Cloud)
    • LogRhythm
    • Securonix Next-Gen SIEM


    Threat Hunting & Detection Platforms:

    • Microsoft Defender Threat Hunting (Advanced Hunting - KQL)
    • Microsoft Defender XDR
    • CrowdStrike Falcon Insight
    • Palo Alto Cortex XDR
    • SentinelOne Singularity
    • Elastic Security (Kibana queries for threat hunting)
    • VMware Carbon Black Response
    • RSA NetWitness


    Cloud Security & Monitoring:

    • Azure Security Center & Defender for Cloud
    • AWS GuardDuty & Security Hub
    • Google Chronicle & Security Command Center
    • Cisco SecureX


    Threat Intelligence & Forensic Tools:

    • MITRE ATT&CK Framework (for mapping TTPs)
    • MISP (Malware Information Sharing Platform)
    • Wireshark (Network Traffic Analysis)
    • Volatility, etc.
    • Sysmon, Windows Event Logs (Log Analysis)


    Form of employment:

    • Flexible form of employment (B2B, employment contract),
    • Hybrid or in the office in Warsaw Centre,
    • Flexible working hours.


    Salary:

    Based on the experience and skill set (12 000 – 20 000 PLN net)


    Benefits:

    • Working with top IT specialists on international projects
    • Many challenges, opportunities for development, and task variety – every project is different!
    • Competitive salary and stable employment conditions
    • A relaxed work atmosphere, flexible working hours, and no dress code policy
    • A cafeteria system (points can also be exchanged for shopping/travel vouchers, movie/theater tickets, etc.) and/or a subsidized MultiSport card (preferential conditions for accompanying persons) – you decide what you choose!
    • Subsidized private medical care and the possibility of including family members on preferential terms
    • A modern office with weekly team lunches and daily enjoyment of specialty coffee :)
    • Holiday gift packages for employees and their children


    We reserve the right to contact only selected candidates.

    What does the recruitment process look like?


    If your CV catches our attention, the next steps will be as follows:

    1. We will contact you by phone to schedule the first recruitment meeting.
    2. In a video call or a live meeting at the office, you will meet the team manager and discuss the job role—this will also be an opportunity to ask questions and get to know each other better.
    3. If you pass the interview successfully, you will most likely receive recruitment tasks to complete.
    4. If we like how you solve the tasks, you can expect a second interview, during which you will meet the CEO.
    5. Finally, you will receive either an offer or a thank-you note with feedback on your participation in the recruitment.


