Job Description :
- Significant experience in SOC, CERT, or CSIRT environments, with expertise in Threat Hunting, Detection Engineering, and Incident Response.
- Proficiency in creating and simulating hypothetical threat scenarios to anticipate and combat potential attack vectors.
- Hands-on experience in developing advanced threat detection analytics rules in Microsoft Sentinel using KQL (Kusto Query Language).
- In-depth understanding and practical application of the MITRE ATT&CK framework for mapping detection rules and identifying attacker tactics, techniques, and procedures (TTPs).
- Practical knowledge of security technologies, including firewalls, IDS/IPS, SIEM, endpoint detection, anti-malware, and vulnerability assessment tools.
- Strong expertise in configuring, optimizing, and maintaining Microsoft security products, including Sentinel, Defender for Cloud, Endpoint, Identity, Office 365, Exchange, and Azure Active Directory.
- Solid understanding of networks, cloud infrastructures, operating systems (Windows, Linux), and evolving cyberattack methods.
- Experience in correlating threat intelligence feeds with detection engineering to identify and mitigate advanced threats.
- Proven ability to analyze large volumes of security logs and data to craft precise, high-fidelity detection rules while reducing false positives.
- Proficiency in log management and developing consolidated security dashboards to support continuous monitoring.
- Excellent communication and collaboration skills to effectively share findings and work with cross-functional teams.
- Passionate about proactive cybersecurity measures, with a strong desire to stay updated on emerging threats and technologies.
Role and Responsibilities :
Threat Intelligence Analysis :
1. Gather, process, and analyze threat intelligence feeds to identify emerging threats.
2. Proactively communicate relevant threat scenarios and provide actionable insights.
Threat Detection Development :
1. Develop and fine-tune advanced KQL queries and analytics rules in Microsoft Sentinel to detect sophisticated attack vectors.
2. Build and test hypothetical threat scenarios to enhance threat detection capabilities.
3. Optimize detection systems to minimize false positives and maximize precision.
Incident Response and Collaboration :
1. Collaborate with SOC, CERT, or CSIRT teams for effective incident monitoring and response.
2. Investigate and respond to cybersecurity incidents, including forensic analysis of attack patterns.
Security Tool Management :
1. Configure, monitor, and maintain security tools such as SIEM (Microsoft Sentinel), Defender for Cloud, antivirus solutions, and consolidated security dashboards.
Continuous Improvement :
1. Participate in developing and implementing security concepts, hardening guidelines, and monitoring systems.
2. Perform penetration tests, vulnerability assessments, and audits to ensure robust security measures.
3. Contribute to the creation and refinement of SOC policies, processes, and :
- A high level of collaboration skills with other cross-functional teams.
- Confidence in expressing your ideas and input to the team.
- Open to learning and working on different/new technologies.
- Agile in nature.
- Self-motivated and
Certifications :
- Microsoft Certified: Security Operations Analyst Associate.
- CEH.
- EC-Council Certified Incident Handler.
(ref : hirist.tech)