Blackthorne Consulting is a mission-focused consulting organization seeking a Threat Detection and Hunt Engineer. This role involves designing and improving detection capabilities in enterprise environments, conducting threat hunting activities, and collaborating with client teams to enhance security monitoring and detection processes.
Responsibilities:
- Develop Detection Capabilities
  - Build, test and validate detection logic across SIEM, EDR, identity, and cloud telemetry sources
  - Develop detection rules aligned to adversary tactics and techniques
  - Maintain and improve detection rule libraries and detection coverage frameworks
  - Assess and improve security logging programs' quality and coverage
- Conduct Threat Hunting Activities
  - Conduct structured, threat intelligence and hypothesis-driven threat hunts across enterprise telemetry sources
  - Analyze endpoint, identity, network, and cloud activity to identify behaviors consistent with adversary tradecraft
  - Investigate anomalous or suspicious activity that may indicate previously undetected attacker activity
  - Convert threat hunting discoveries into new detections, enrichment sources, or logging improvements where possible
  - Identify data quality and coverage issues in large threat hunt data sets
  - Document threat hunting methodologies and findings to support repeatable threat hunting operations
- Validate Detection Effectiveness
  - Test detection coverage using advanced analytical techniques
  - Collaborate with red team and threat intelligence teams to identify viable candidates for detection logic development
  - Continuously tune detections to improve signal quality and reduce false positives
- Improve Client Security Monitoring
  - Assess client telemetry and logging capabilities
  - Work directly with client teams to implement detection improvements
  - Support client teams in developing repeatable threat hunting methodologies and investigative workflows
- Contribute to Detection Engineering Frameworks
  - Maintain detection engineering standards and methodologies
  - Develop automation for detection deployment and testing
Requirements:
- 4+ years experience in detection engineering, threat hunting, or SOC engineering
- 2+ years experience in endpoint and/or network security roles
- Experience developing SIEM or EDR detections
- Familiarity with enterprise telemetry sources
- Experience with SQL-based query schemas
- Experience mapping detections to adversary techniques
- Experience conducting structured threat hunting activities across enterprise telemetry
- Experience with Splunk, Sentinel, Elastic, or similar SIEM platforms
- Experience with Sigma or similar detection frameworks
- Experience building detection automation pipelines
- Experience with JupyterHub, Pandas, Parquet, SQL, S3 and other large-scale data storage and analysis tools
- Experience conducting threat hunts across endpoint, identity, or cloud telemetry
- Experience validating detections using adversary simulation or red team exercises
- Experience using scripting languages (Python, PowerShell, etc.) for investigation or automation