Threat Hunting & Detection Content Analyst

Threat Hunting & Detection Content Analyst

Position Description
The Global Security Operations Center (GSOC) Threat Hunting & Detection Content Analyst contribute to strengthening our security posture on multiple facets by developing and maintaining advanced threat detection content and conducting proactive threat hunting activities. This person plays a critical role in proactively identifying and neutralizing threats, thereby reducing risk, enhancing incident response capabilities and ensuring security threats can be identified and translated into high fidelity & actionable alerts for security investigation.

Your future duties and responsibilities
he Threat Hunting & Detection Content Analyst is responsible for the following activities:

Threat Hunting

Research tactics, techniques and procedures (TTPs) to plan threat hunting execution

Participate in the planning and execution of our threat hunting program

Perform research and development augmenting our capabilities

Perform proactive threat identification & hunting activities and follow up based on the result

Security Detection Content Engineering

Participate in the planning and execution of our security detection content engineering program

Translate intelligence and incident response report into actionable detection capabilities

Develop new and novel detection mechanisms, behavioral detection use cases, IOCs etc

Perform research and development augmenting our capabilities

Identify new and emerging trends in threat actors' TTPs

Ad-hoc Incident support

Threat Hunting & Detection Content Service Management

Assist in producing operational report for effectiveness of the detection content & threat hunting service

Plan and deliver initiatives to streamline the services operations

Assist to manage the service operations

Establish and improve workflow, procedure, guideline for the services and automate the processes to optimize the teams’ operations

AI, Automation and Integration

Initiate automation idea and deliver with Automation team to improve the operation efficiency and the quality of the detection content and threat hunting services.

Plan and deliver integration between different technologies platforms to improve our detection content and threat hunting services

Participant and Drive AI Initiative to improve the Threat Hunting and Detection Content Service

Leverage AI Tooling or Agent to accelerate Threat Hunting and Detection Content Operation

Other Responsibilities

Participate in innovation projects including the building, deployment and evaluation of new technologies

Participate in technology evaluation in collaboration with other stakeholders

Provide advanced threat awareness and education to members of the team

Required qualifications to be successful in this role
The candidate should be able to demonstrate a thorough understanding of cyber security especially in threat hunting, security detection content engineering, digital forensic, incident response and threat intelligence areas. The candidate must possess an in-depth knowledge of modern threats, threat actors’ TTPs, threat hunting and detection content tools/platforms and methodologies.

Education and Experience:

3 - 5 years of cyber security operations experience and at least 1 - 2 years hands-on experience in threat hunting and security detection content engineering

Candidate with less experiences will be considered as consultant.

Bachelor’s degree in computer engineering, Computer Science, Information Technology, Cyber Security, or related field; advanced degree preferred

Qualifications:

Proficient in using threat hunting tools such as Endpoint Detection and Response (EDR) & Log Analysis Platforms (SIEM)

General Knowledge of security tools such as TIP, NGFW, Sandbox, SASE, SIEM, EDR, WAF etc

Experience with scripting and programming languages (e.g. Python, Bash, etc.) for automation and analysis

Knowledge of various standard detection content format (e.g. Sigma, YARA, Snort Rule etc)

Knowledge of cyber security principles, practices, technologies, and standards

Strong knowledge of current threat, vulnerabilities and threat actors TTPs

Strong understanding of cybersecurity frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain)

Knowledge of Windows, Linux and Mac Operating system

Working knowledge of generative AI technologies, including Large Language Models (LLMs) and AI-powered productivity tools

Experience using AI-assisted tools to improve efficiency in GSOC Operation including research, analysis, documentation etc

Strong knowledge of threat hunting, detection content and preferably also Incident Response, digital forensics and Threat Intelligence

Proficient in spoken and written English

Certifications:

eCTHP, GCFA, GREM, OSCP, CISSP or other reputable, technical and defensive/offensive focused certification are preferred

CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level, geographic market, experience and training, and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $60,000-110,000. This role is an existing vacancy

#LI-AB19

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.

That same commitment to fairness extends to how we use technology. To support our recruitment team, AI tools may be used to help assess applications though they never replace human judgement. All hiring decisions remain entirely in the hands of our recruitment professionals.

To learn more about accessibility at CGI, contact us via email . Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our team—one of the largest IT and business consulting services firms in the world.