




**Job Summary:** The Senior Threat Hunter proactively leads the search for threats that evade security controls, building hypotheses and combining investigative curiosity with technical precision.

**Key Highlights:**

1. Hypothesis-Based Hunting for MITRE ATT&CK TTPs
2. Detection Engineering for Robust Rules (KQL, FQL, Sigma, SPL)
3. Forensic and Telemetry Analysis to Reconstruct Attacks

The Senior Threat Hunter is responsible for leading proactive threat hunting against adversaries that have evaded traditional security controls. Rather than waiting for alerts to be generated in the SOC, this role builds hypotheses based on Cyber Threat Intelligence (CTI) and attacker TTPs to identify adversary traces across Cloud and Hybrid environments. This position combines the curiosity of a researcher with the technical precision of a Pentester.

**Key Responsibilities**

- **Hypothesis-Based Hunting:** Design and execute monthly hunting campaigns targeting specific MITRE ATT&CK TTPs.
- **Detection Engineering:** Translate hunting findings and newly discovered vulnerabilities (0-days) into robust detection rules (KQL, FQL, Sigma, SPL) for SIEM/EDR systems.
- **Forensic and Telemetry Analysis:** Correlate logs from multiple sources (Endpoints, Network, CloudTrail, Auth Logs) to reconstruct the attack chain.
- **Purple Teaming:** Collaborate with the Red Team to validate sensor visibility against simulated attacks.
- **Automation:** Develop new threat searches that will eventually become detection rules in the SOC.
- **Reporting:** Produce technical findings reports, citing research, evidence of compromise, and recommended action plans.

Are you looking to work at an organization committed to the holistic development of our country? BancoEstado is the place for you! We are a bank committed to supporting individuals and businesses across the country by creating innovative, sustainable, and inclusive financial solutions that contribute to community progress.

We believe success is built on talented and passionate people; therefore, we foster a work environment where innovation, collaboration, and professional development are integral to our daily operations.

**Requirements**

Technical Requirements

- **Experience:** Minimum 5 years in Cybersecurity, including at least 2 years exclusively dedicated to Threat Hunting, Blue Team / Red Team, or advanced Incident Response.
- **Query Proficiency:** Expert-level experience with telemetry query languages (KQL, FQL, or Splunk SPL).
- **Environments:** Demonstrable operational experience in cloud platforms (AWS/Azure/GCP) and understanding of identity systems (Azure AD/IAM).
- **Offensive Knowledge:** Understanding of persistence, lateral movement, and exfiltration techniques.

**Desirable Certifications:**

- **Defensive:** GCTI (SANS), GCDA, Blue Team Level 2.
- **Offensive:** OSCP, eJPT, or CEH (v12).
- **Strategic:** Diplomas in GRC or Cybersecurity Management.

**Benefits**

**Our Offer:**

- Fixed-term contract for 6 months, with potential conversion to indefinite-term based on performance.
- Weekly working hours: 40, Monday through Friday, promoting work-life balance.

Apply now and join #TalentoBancoEstado!

This opportunity reflects our commitment to labor inclusion. If you require any reasonable accommodation during the selection process, please let us know.

Upon joining our organization under an indefinite-term contract, you will be eligible for benefits established in the current collective bargaining agreement. These include:

- Education Bonus
- Vacation Bonuses
- Childcare Center
- Nursery (standard and alternative modalities)
- Annual undergraduate and graduate scholarship program
- Holiday bonuses
- Access to BancoEstado seaside resorts at preferential rates, and other benefits designed for your well-being and that of your family.


