SOC Threathunting

Posted 1 week ago by E-Frontiers

Negotiable
Undetermined
Undetermined
Cheltenham, UK

Summary: As a member of the SOC Content Team, the role involves creating, deploying, and tuning threat detection content while collaborating with client Lead Analysts and threat intelligence teams. The position emphasizes technical work, knowledge sharing, and continuous improvement in threat detection strategies tailored to client needs. Proactive threat hunting and maintaining detection content are key components of the job. The role requires a balance of hands-on technical skills and collaboration within the SOC environment.

Key Responsibilities:

  • Design and implement detection logic aligned to specific threat scenarios using industry frameworks such as MITRE ATT&CK.
  • Maintain detection content throughout its lifecycle from development and testing to deployment and tuning.
  • Work with client Lead Analysts to ensure content relevance and effectiveness in detecting threats across various environments.
  • Conduct hypothesis-driven threat hunts based on client telemetry, threat intelligence, and observed anomalies.
  • Use available data sources and tools to identify suspicious or malicious activity that may bypass existing detections.
  • Document and present findings in a clear and actionable format for both internal teams and clients.
  • Participate in the review and validation of detection content prior to deployment.
  • Assist in updating runbooks, SOPs, and detection playbooks to reflect changes in tools, threats, or client requirements.
  • Support efforts to maintain consistency, accuracy, and quality in all delivered content.
  • Actively engage with the wider SOC, threat intelligence, and tooling teams to refine detection strategies.
  • Share insights, findings, and improvements with team members through documentation, workshops, or informal sessions.
  • Support cross-team initiatives and help drive a culture of continuous improvement and innovation.

Key Skills:

  • Experience in threat detection and response.
  • Familiarity with industry frameworks such as MITRE ATT&CK.
  • Strong analytical and problem-solving skills.
  • Ability to conduct proactive threat hunting.
  • Excellent documentation and presentation skills.
  • Collaboration and teamwork abilities.
  • Knowledge of security tools and technologies.

Salary (Rate): undetermined

City: Cheltenham

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Description

As a member of the SOC Content Team, you will be responsible for contributing to the creation, deployment, and tuning of threat detection content and the delivery of proactive threat hunting. You will work in close partnership with client Lead Analysts, threat intelligence teams, and other SOC functions to help ensure that detection strategies are tailored to each client's threat profile and security objectives. This role offers a balance of technical hands-on work, collaboration, and knowledge sharing, with a strong emphasis on continual learning and process improvement.

Key Responsibilities:

  • Threat Detection Use Case Development: Design and implement detection logic aligned to specific threat scenarios, using industry frameworks such as MITRE ATT&CK. Maintain detection content throughout its lifecycle - from development and testing to deployment and tuning. Work with client Lead Analysts to ensure content relevance and effectiveness in detecting threats across various environments.
  • Proactive Threat Hunting: Conduct hypothesis-driven threat hunts based on client telemetry, threat intelligence, and observed anomalies. Use available data sources and tools to identify suspicious or malicious activity that may bypass existing detections. Document and present findings in a clear and actionable format for both internal teams and clients.
  • Content QA and Maintenance: Participate in the review and validation of detection content prior to deployment. Assist in updating runbooks, SOPs, and detection playbooks to reflect changes in tools, threats, or client requirements. Support efforts to maintain consistency, accuracy, and quality in all delivered content.
  • Collaboration & Knowledge Sharing: Actively engage with the wider SOC, threat intelligence, and tooling teams to refine detection strategies. Share insights, findings, and improvements with team members through documentation, workshops, or informal sessions. Support cross-team initiatives and help drive a culture of continuous improvement and innovation.