Senior Threat Hunter

The Senior Threat Hunter is a core member of Armis’ Managed Threat Services (MTS) organization, responsible for leading proactive threat hunting, advanced analysis, and complex incident investigations across multiple customer environments. This role blends deep technical expertise with strategic thinking to help customers identify, investigate, and respond to sophisticated adversaries—while continuously strengthening their detection and response posture.

As a senior technical leader, you will apply a risk-based methodology to deliver measurable security outcomes, influence MTS strategy, improve internal processes, and mentor the next generation of threat hunters.

• Lead proactive threat hunts to identify patterns, anomalies, and behaviors associated with known and emerging adversary TTPs.

• Configure and optimize advanced security tools to enhance detection fidelity and coverage.

• Lead and execute complex threat investigations across customer environments.

• Provide analytical support throughout the full incident lifecycle, including identification, containment, eradication, and recovery.

• Research emerging threats and adversary techniques to develop actionable intelligence and effective detection strategies.

• Translate intelligence into practical hunting methodologies and detection improvements.

• Produce detailed technical incident reports and contribute to executive-level summaries.

• Clearly communicate findings, risk, and remediation guidance to both technical and executive stakeholders.

• Develop and maintain Armis platform policies, dashboards, and customer-specific monitoring use cases.

• Partner with internal teams to automate workflows, enhance tooling, and improve service delivery efficiency.

• Design and maintain standardized, reusable threat hunting playbooks to scale and operationalize MTS capabilities.

• Contribute feedback and prioritization input to product and feature development.

• Serve as a trusted advisor and thought leader for assigned customers on risk management, detection optimization, and response maturity.

• Act as a recognized subject matter expert internally and externally.

• Coach and mentor junior team members, fostering technical growth, collaboration, and continuous learning.

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field (preferred).

• 8+ years of professional cybersecurity experience, ideally in threat hunting, threat intelligence, incident response, or SOC operations.

• Deep understanding of network infrastructure, operating systems, and common attack vectors.

• Strong experience mapping adversary behavior using MITRE ATT&CK and Cyber Kill Chain frameworks.

• Advanced expertise analyzing logs, endpoint telemetry, IDS/IPS data, and network traffic (NetFlow, PCAP).

• Experience with malware analysis (static and dynamic) and IOC development.

• Solid knowledge of security controls, detection engineering, and risk-based mitigation strategies.

• Excellent written and verbal communication skills, with the ability to translate complex findings into actionable guidance.

• Proven ability to operate independently and lead engagements in distributed, cross-functional environments.

• GNFA, OSCP, CISSP, OSEP, GREM, or equivalent.

• Scripting or development experience (Python, PowerShell, etc.).

• Exposure to machine learning or data-driven approaches for detection and triage automation.

• Experience with the Armis platform or other OT/IoT and asset intelligence technologies.