Cyber Threat Hunter

Cyber Threat Hunter

Calling all innovators - find your future at Fiserv. We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

About your role:

As a Cyber Threat Hunter, you will serve as a senior individual contributor within Cyber Security Operations, building behavior-based detection capabilities that identify adversary activity before incidents become material. You will turn enterprise telemetry into high-confidence signals and durable detections using inside-out intelligence, data science, and AI-enabled development workflows. You will partner closely with detection engineering, security operations, and incident response teams in a cloud environment, with a primary focus on proactive detection development and signal engineering.

What you'll do:

• Build and maintain behavior-based detections that identify adversary activity through sequences, relationships, and deviations across identity, endpoint, cloud, network, and application telemetry.
• Translate attacker techniques, malware behaviors, and adversary tradecraft into testable, explainable, and durable detection logic using a detection-as-code approach.
• Define telemetry, enrichment, and normalization requirements needed to improve signal quality, close coverage gaps, and support scalable detection outcomes in a cloud environment.
• Apply statistical methods, machine learning techniques, and Python-based analytical workflows to develop behavioral models, engineering features, and improve precision detection and operational actionability.
• Validate suspicious behaviors using digital forensics and incident response methods to distinguish malicious activity from benign anomalies, misconfigurations, and expected operational patterns.
• Partner with security operations, incident response, and detection engineering teams to operationalize detections with triage guidance, severity rationale, playbook alignment, and MITRE ATT&CK classification and coverage reporting.
• Use external threat intelligence as prioritization context while ensuring detections are grounded in observable behavior and telemetry within the enterprise environment.
• Responsibilities listed are not intended to be all-inclusive and may be modified as necessary.

Experience you'll need to have:

• 8+ years of experience in detection engineering, proactive threat hunting, digital forensics and incident response, malware analysis, reverse engineering, threat research, red teaming, purple teaming, advanced security operations, or a combination of these domains.
• 8+ years of experience building behavior-based detections across large-scale enterprise telemetry using correlation, sequence analysis, behavioral analytics, and operational detection logic.
• 8+ years of experience using digital forensics and incident response methods across host, identity, cloud, and network investigations to validate suspicious activity and improve detection fidelity.
• 8+ years of experience applying Python for data analysis, automation, feature engineering, and repeatable analytical workflows in cybersecurity use cases.
• 6+ years of experience applying statistical modeling, machine learning methods, or comparable analytical techniques to security telemetry, including baselining, outlier detection, clustering, time-series analysis, behavioral scoring, or graph-based analysis.
• Experience using AI-assisted development tools with validation, testing, reproducibility, and secure coding practices in analytics, automation, or detection development workflows.
• Bachelor's degree or higher in Computer Science, Cybersecurity, Information Security, Engineering, Data Science or related field or equivalent combination of education, related experience and/or military experience.

Experience that would be great to have:

• Experience with Google SecOps or Chronicle detection content development, data modeling, and telemetry analysis.
• Experience integrating security tools through application programming interfaces (APIs) and building internal services, signal pipelines, or workflow automation solutions.
• Familiarity with detection-as-code practices, including Git, continuous integration and continuous delivery (CI/CD), testing, and code review.
• Relevant certifications such as GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Reverse Engineering Malware (GREM), CompTIA CySA+, Certified Information Systems Security Professional (CISSP), Certified Threat Hunting Professional (CTHP), Certified Threat Intelligence Analyst (CTIA), Certified Cloud Security Professional (CCSP), or equivalent cybersecurity certification.

How you'll work:

This role is on-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experience helps you with your overall onboarding experience and leads to stronger productivity.

Sponsorship:

You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered for this role.

Benefits at Fiserv:

• Fuel Your Life program to support your physical, financial, social, and emotional well-being.
• Paid holidays and generous time away policies.
• No-cost mental health support through Employee Assistance Programs.
• Living Proof program to recognize your peers' extra effort with points redeemable for rewards.
• Eight Employee Resource Groups to foster a collaborative culture and expand your network.
• Unparalleled professional growth with training, development, and internal mobility opportunities.
• Medical, dental, vision, life, and disability insurance options available from day one.
• Retirement planning including 401k match and discounted shares with the Employee Stock Purchase Plan.
• Tuition assistance and reimbursement program.
• Paid parental and military leave.

Salary Range $128,000.00 - $216,000.00

These pay ranges apply to employees in New Jersey and New York. Pay ranges for employees in other states may differ.

It is unlawful to discriminate against a prospective employee due to the individual's status as a veteran.

For incentive eligible associates, the successful candidate is eligible for an annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards in the Company's sole discretion.

Apply using your legal name. Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

Our commitment to Equal Opportunity:

Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law.

If you have a disability and require a reasonable accommodation in completing a job application or otherwise participating in the overall hiring process, please contact View email address on click.appcast.io. Please note our AskHR representatives do not have visibility to your application status. Current associates who require a workplace accommodation should refer to Fiserv's Disability Accommodation Policy for additional information.

Note to agencies:

Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions.

Warning about fake job posts:

Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.