Lead proactive threat hunting operations across enterprise environments, including adversary emulations, live hunts, and investigative assessments. Identify anomalous behaviors and translate findings into actionable detections. Apply hypothesis-driven hunting methodologies, leveraging threat intelligence, behavioral analytics, and the MITRE ATT&CK framework to identify gaps in detection and control coverage. Analyze telemetry across the enterprise security stack (endpoint, network, identity, cloud, email, SIEM/ XDR) and pivot across datasets to identify advanced threats and hidden attacker activity. Identify and validate adversary techniques, mapping observed activity to ATT&CK and informing improvements to detection logic, alerting, and response workflows. Enhance detection engineering efforts by developing, tuning, and validating rules, analytics, and behavioral detections based on hunt findings and adversary simulations. Leverage scripting and automation (e.g., Python, PowerShell, KQL, SQL) to scale threat hunting activities, enrich data, and improve investigative efficiency. Utilize advanced analytics and AI-assisted techniques to accelerate the identification of suspicious or malicious activity. Collaborate across CSOC and engineering teams to validate findings, operationalize detections, and strengthen defensive capabilities. Produce clear and actionable reporting, including hunt reports, detection gap analyses, and executive summaries that translate technical findings into business risk and recommended actions. Support incident response when required, providing deep investigative expertise, threat context, and rapid escalation of critical findings. Mentor and guide team members, sharing threat hunting methodologies, tooling expertise, and investigative techniques to improve overall team capability and maturity. Continuously evaluate and improve hunt processes, tooling, and methodologies to advance threat hunting maturity and operational effectiveness. Qualifications. Preferred 3 - 5 years of experience in threat hunting, detection engineering, incident response, or security operations. Strong understanding of threat actor tactics, techniques, and procedures (TT - Ps) and modern attack methodologies. Hands-on experience with enterprise telemetry and security platforms (EDR, SIEM, network monitoring, cloud security tools). Proven application of the MITRE ATT&CK framework for threat detection, gap analysis, and adversary mapping. Proficiency in scripting and query languages (Python, PowerShell, KQL, SQL, or equivalent). Experience with data analysis and large-scale investigation workflows. Strong written and verbal communication skills, with the ability to translate technical findings into business-relevant risk. Experience working in cross-functional security teams (SOC, IR, Threat Intelligence, Detection Engineering). Relevant certifications (e.g., CISSP, GCFA, GCIH, GCDA, or equivalent) preferred.