




**Job Summary:** The Senior Threat Hunter proactively hunts for threats in Cloud and Hybrid environments, combining investigative curiosity with technical precision to anticipate and neutralize attacks.

**Key Highlights:**

1. Hypothesis-Driven Hunting for MITRE ATT&CK TTPs
2. Detection Engineering with Robust Rules for SIEM/EDR
3. Collaboration with Red Team in Purple Teaming

The Senior Threat Hunter is responsible for leading proactive threat hunting efforts targeting threats that have evaded traditional security controls. Rather than waiting for alerts to appear in the SOC, this role builds hypotheses based on Cyber Threat Intelligence (CTI) and attacker TTPs to uncover adversary traces across Cloud and Hybrid environments. This position blends the curiosity of a researcher with the technical precision of a pentester.

**Key Responsibilities**

- **Hypothesis-Driven Hunting:** Design and execute monthly hunting campaigns targeting specific MITRE ATT&CK TTPs.
- **Detection Engineering:** Translate hunting findings and newly discovered vulnerabilities (0-days) into robust detection rules (KQL, FQL, Sigma, SPL) for SIEM/EDR.
- **Forensic and Telemetry Analysis:** Correlate logs from multiple sources (Endpoints, Network, CloudTrail, Auth Logs) to reconstruct the attack chain.
- **Purple Teaming:** Collaborate with the Red Team to validate sensor visibility against simulated attacks.
- **Automation:** Develop new threat-hunting queries that will later be converted into SOC detection rules.
- **Reporting:** Produce technical findings reports, citing research, evidence of compromise, and recommended action plans.

Are you looking to work at an organization committed to the holistic development of our country? BancoEstado is the place for you! We are a bank dedicated to supporting individuals and businesses nationwide by creating innovative, sustainable, and inclusive financial solutions that contribute to community progress.

We believe success is built on talented and passionate people, so we foster a workplace where innovation, collaboration, and professional development are integral to our daily work.

**Requirements**

**Technical Requirements**

- **Experience:** Minimum 5 years in Cybersecurity, including at least 2 years exclusively focused on Threat Hunting, Blue Team / Red Team, or advanced Incident Response.
- **Query Proficiency:** Expert-level experience with telemetry search languages (KQL, FQL, or Splunk SPL).
- **Environments:** Demonstrable operational experience in cloud platforms (AWS/Azure/GCP) and identity management (Azure AD/IAM).
- **Offensive Knowledge:** Understanding of persistence, lateral movement, and exfiltration techniques.

**Desirable Certifications:**

- **Defensive:** GCTI (SANS), GCDA, Blue Team Level 2.
- **Offensive:** OSCP, eJPT, or CEH (v12).
- **Strategic:** Diplomas in GRC or Cybersecurity Management.

**Benefits**

**Our Offer:**

- Fixed-term contract for 6 months, with potential conversion to indefinite-term based on performance.
- Weekly working hours: 40, Monday to Friday, promoting work-life balance.

Apply now and join #TalentoBancoEstado!

This opportunity reflects our commitment to labor inclusion. If you require any reasonable accommodation during the selection process, please let us know.

Upon joining our organization under an indefinite-term contract, you will be eligible for benefits established in the current collective bargaining agreement. These include:

- Scholarship Bonus
- Vacation Bonuses
- Childcare Center
- Nursery (standard and alternative modalities)
- Annual undergraduate and graduate scholarship program
- Holiday bonuses
- Access to BancoEstado resorts at preferential rates
- And other benefits designed for your well-being and that of your family.


