Cyber Threat Hunter

The Cyber Threat Hunter will be responsible for proactively identifying, analyzing, and disrupting advanced threats within the organization’s enterprise and cloud environments. This role focuses on hypothesis‑driven hunting, detection engineering, and intelligence‑led investigations to uncover adversary activity that has evaded traditional security controls.

As an offshore team member, this role will operate in close coordination with onshore Cyber Ops, SOC, Incident Response, and Security Engineering teams, providing continuous threat coverage and analytical depth across global time zones.

Key Responsibilities:

Threat Hunting & Detection

• Conduct proactive, hypothesis‑based threat hunts across endpoint, network, identity, cloud, and SaaS telemetry to identify unknown or emerging threats.
• Leverage MITRE ATT&CK to design and execute hunt scenarios aligned to known adversary tradecraft.
• Identify stealthy behaviors such as living‑off‑the‑land techniques, credential abuse, lateral movement, and command‑and‑control activity.
• Develop and refine detection logic, analytics, and queries within SIEM/XDR platforms (e.g., Cortex XSIAM or equivalent). 

Investigation & Response Support

• Perform deep‑dive investigations and escalate confirmed threat activity with clear evidence and recommendations.
• Partner with Incident Response teams during active incidents to provide threat context, scoping, and root cause analysis.
• Validate and tune alerts to reduce false positives while improving detection efficacy.

Threat Intelligence Integration

• Correlate internal telemetry with threat intelligence feeds to identify active campaigns, exploited vulnerabilities, and adversary infrastructure.
• Track emerging threat actor techniques, malware families, and attack trends relevant to the organization’s industry.
• Translate intelligence into actionable hunts, detections, and defensive recommendations.

Engineering, Automation & Program Maturity

• Contribute to the development of threat hunting playbooks, standard operating procedures, and knowledge repository in general.
• Support continuous improvement of the threat hunting program through metrics such as hunt coverage, findings quality, cyber posture enhancement identification.
• Produce clear, concise reports for both technical and non‑technical stakeholders.

Qualifications:

Required

• 3+ years of experience in cybersecurity operations, with hands‑on experience in threat hunting.
• Strong understanding of adversary behaviors, attack chains, and common tactics across endpoint, network, identity, and cloud environments.
• Experience working with SIEM/XDR platforms, log analysis, and security telemetry at scale.
• Familiarity with threat intelligence lifecycle and MITRE ATT&CK framework.
• Strong analytical, investigative, and documentation skills.
• Ability to work independently in an offshore model and collaborate effectively with global teams across time zones.

Preferred

• Hands‑on experience using Palo Alto Cortex XSIAM for threat hunting, detection engineering, investigation workflows, and alert tuning.
• Experience developing and operationalizing XSIAM analytics, queries, and investigation playbooks across endpoint, identity, cloud, and network telemetry.
• Strong experience hunting and investigating threats in Microsoft Azure environments, including Entra ID (Azure AD), Azure IaaS/PaaS workloads, and cloud identity logs.
• Familiarity with Azure security telemetry (Sign‑In Logs, Audit Logs, Defender for Cloud/Endpoint, Azure Activity Logs).
• Experience correlating cloud, endpoint, and identity signals to detect credential abuse, privilege escalation, lateral movement, and persistence techniques.
• Scripting and automation experience using Python, KQL, PowerShell, or Bash to support hunting, enrichment, and reporting.
• Exposure to malware analysis, OSINT, or threat intelligence platforms (TIPs) to inform hunt hypotheses and detections.

Preferred Certifications:

• GCED, GCIA, GCIH, or GCED
• OSCP, GPEN, or GWAPT
• Security+, CySA+, or equivalent industry certifications

Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments - creating exceptional outcomes for our clients and the millions of people who count on them. You have an opportunity to personally thrive, make a difference and be part of a culture where individuality is noticed and valued every day.

Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law.

For US applicants: People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:  click here to access or download the form.  Complete the form and then email it as an attachment to [email protected]. You may also click here to access Conduent's ADAAA Accommodation Policy.