Analyst, Cyber Threat Hunting | ONSITE

Cyber Threat Hunting Analyst

Work Location: ONSITE - Dallas, TX

The Threat Intelligence and Response Analyst must be an adaptable team-player who loves to collaborate with others. You must be familiar with threat hunting operations and possess the technical problem-solving skills that enable American airlines to proactively prevent breaches. Communication skills are critical to this role’s success. For this position, we’re looking for someone to work hybrid with occasional on-call duties.

Responsibilities:

• Act as a trusted advisor on advanced threat hunting operations, proactively identifying threats, insider misconduct, and anomalous behavior.
• Lead hunt missions by leveraging threat intelligence, multi-source data, and brainstorming sessions to uncover malicious activity.
• Utilize advanced threat hunting techniques and tools to detect, analyze, and respond to security threats. This includes identifying threat actor groups, analyzing command and control (C2) structures, and developing network and host-based Indicators of Compromise (IOCs) or Indicators of Attack (IOAs).
• Investigate and analyze alerts for suspicious or malicious activity across corporate environments, supporting remediation efforts.
• Develop and execute proactive threat hunting methodologies, including defining search criteria to uncover undetected threats.
• Identify and address detection gaps by collaborating with Cyber Security stakeholders to enhance security controls and processes.
• Evaluate and recommend security tools and technologies for threat analysis, impact assessment, and mitigation.
• Conduct root cause analysis, review incident lessons learned, and support compliance audits to improve security posture.
• Participate in threat hunting exercises and tabletop simulations to strengthen cyber resilience.
• Mentor team members, sharing knowledge and best practices to enhance their technical capabilities.
• Detect and respond to threats using security solutions such as SIEM, data lakes, and cloud platforms.
• Support threat response efforts and conduct ad-hoc threat hunts as needed.
• Maintain technical proficiency in Information Security controls, including endpoint, cloud, SaaS, identity, and network security.
• Demonstrate expertise in Endpoint Detection and Response (EDR) tools and techniques.
• Apply foundational knowledge of Digital Forensics and Incident Response (DFIR) processes to threat investigations.

Required:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or a related field; advanced degree preferred.
• 4+ years of experience in the cybersecurity industry, with demonstrated roles in SOC, Incident Response, Threat Intelligence, Malware Analysis, IDS/IPS Analysis, or related functions.
• Proven ability to independently investigate and analyze alerts for anomalous, suspicious, or malicious activity in a corporate environment and support remediation efforts.
• Experience conducting proactive threat hunts, including developing custom search criteria and identifying intrusions or potential incidents.
• Strong understanding of cyber adversarial tactics, techniques, and procedures (TTPs) related to Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APTs, and Insider Threats.
• Proficient in Endpoint Detection and Response (EDR) tools and capabilities, with hands-on experience using CrowdStrike, Microsoft Defender, and other major vendors.
• Foundational knowledge of Digital Forensics and Incident Response (DFIR) processes.
• Experience with large dataset analysis and log analysis tools, including Securonix, Snowflake, Python, Pandas, and SQL.
• Skilled in using Regular Expressions, YARA, SIGMA rules, FQL, KQL, and at least one scripting language such as Python, PowerShell, or PERL.
• Strong understanding of cyber adversarial frameworks like MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain.
• Hands-on experience hunting for Indicators of Compromise (IOCs) in SIEM and EDR tools such as Securonix, Microsoft Defender, Microsoft Purview, Microsoft Sentinel, Palo Alto XSOAR, ThreatConnect, and Recorded Future.
• Excellent written and verbal communication skills with the ability to explain technical threat hunt objectives and findings to both technical and non-technical audiences, effectively communicating associated risks.