CrawlJobs Logo

Endpoint Detection and Threat Hunting Analyst

United States, California Hot Springs · Job Posted June 29, 2026
Apply Position
Job Link Share

Job Description

Position Description Miscellaneous/Niche/Other

Requirements

  • Possess knowledge with Endpoint and Data Protection products such as CrowdStrike Falcon Endpoint Security, Falcon SaaS Security, Falcon Exposure Management, Falcon Data Protection, Falcon Recon, Fusion SOAR Ability to generate reports using APIs. Demonstrate mastery in operating and optimizing the Falcon platform. Possess knowledge of parent and child CIDs in the CrowdStrike environment. Ability to generate reports using APIs as a CrowdStrike Falcon administrator
  • Demonstrate ability to use Endpoint and Data Protection products for threat hunting in the environment
  • Possess knowledge with Axonius
  • Possess knowledge in XDR platforms (Secureworks)
  • Possess knowledge in Cisco SecureWorkload
  • Possess knowledge in SIEM tools for reporting and reviewing of logs (Elastic)
  • Possess knowledge in API integrations and configuration
  • Possess knowledge in creating data pipelines using Cribl
  • Minimum one (1) year of working experience within the last 2 years in building data pipelines using Cribl
  • Minimum three (3) years of working experience within the last 4 years in performing workflow analysis using Cisco SecureWorkload/Tetration
  • Minimum three (3) years of working experience within the last 4 years in Incident response in an enterprise environment
  • Minimum three (3) years of experience within the last 4 years configuring telemetry API integrations to various SIEM and XDR tools
  • Minimum six (6) years of working experience within the last 8 years serving as an organization's subject matter expert responsible for the management of CrowdStrike Falcon and SecureWorks
  • Minimum six (6) years of working experience within the last 8 years administering Endpoint Detection and Response platform for Prevention Policies, creating IOA exclusions, USB Device Control, Firewall, and creating Fusion SOAR workflows
  • Minimum six (6) years of working experience within the last 8 years with malware, threat intelligence and/or sandbox analysis
  • Minimum four (4) years of working experience with programming or scripting languages such as PowerShell, Python and Bash
  • Minimum five (5) years of working experience with virtualization/VDI technologies and cloud SaaS solutions
  • Minimum two (2) years of experience in API integrations for automation

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Endpoint Detection and Threat Hunting Analyst

8 matching positions

Cyber Threat Hunting Specialist

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
United Kingdom , Newbury
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Threat Research Expertise
  • You are an experienced security analyst who operates well beyond alert-driven workflows
  • You have a deep understanding of adversary tactics, techniques, and procedures
  • Analytical Thinking
  • You are comfortable working with incomplete, ambiguous, or conflicting data
  • Tool Proficiency
  • You are highly proficient in querying and analysing large-scale security data
  • Data Source Fluency
  • You are confident working across diverse telemetry, including endpoint, identity, network, and cloud data
  • Collaborative Communication
Job Responsibility
Job Responsibility
  • Proactively search for signs of cyber threats across systems and networks
  • Proactive Threat Hunting
  • Drive proactive threat hunting across Vodafone’s environment
  • Own complex investigations end-to-end
  • Rule Development for Security Operations
  • Translate your hunting outcomes into robust, production-ready detection logic
  • Challenge existing detections, identifying gaps in coverage, and refining logic
  • Threat Intelligence Integration
  • Work closely with Cyber Threat Intelligence to turn intelligence into actionable outcomes
  • Assess, validate, and challenge intelligence by mapping it to real telemetry and observed behaviours
What we offer
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
  • Fulltime
Read More
Arrow Right

Sr. Cyber Detection Incident Analyst - Security Operations

As a Cyber Detection Incident Analyst on GM’s Security Operations team, you will...
Location
Location
United States , Warren
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience
  • 5+ years of experience in cybersecurity with a focus on detection engineering, security operations, incident response, intrusion detection, or security event analysis
  • Strong analytical and investigative skills with the ability to interpret complex datasets and communicate findings effectively
  • Ability to create tactical scripts (Python, PowerShell, KQL, Bash, etc.) to supplement investigative workflows and enrich detections
  • Experience with network security monitoring (IDS, packet capture, flow analysis) and proper techniques for identifying and responding to security events
  • Experience detecting threats in cloud environments (Azure, AWS, GCP) and using cloud-native detection tooling
  • Strong collaboration and communication skills with focus on cross-team partnerships
  • Demonstrated ability to mentor other analysts, contribute to team development, and work effectively in a collaborative team environment
  • Deep knowledge of SIEM technologies, log‑centric analytics, and correlation logic
  • Deep knowledge of EDR platforms and behavioral-based detection methodologies
Job Responsibility
Job Responsibility
  • Conduct expert-level triage and deep-dive analysis of security events using EDR, NDR, identity telemetry, application logs, SIEM analytics, SOAR workflows, and cloud-native security tools
  • Lead incident escalation workflows and collaborate with the Incident Response and other partner teams drive timely containment and resolution of security threats
  • Perform proactive threat hunting across endpoints, networks, identity systems, cloud platforms (Azure, AWS, GCP), and SaaS environments using threat intelligence, behavioral analytics, and TTP/IOC research
  • Correlate telemetry across diverse systems to identify sophisticated attack patterns
  • Apply strong understanding of OS internals, cloud architectures, networking, authentication protocols, and adversary tradecraft to assess risk, determine impact, and drive escalation decisions
  • Integrate threat intelligence (IOCs, behavioral patterns, ATT&CK-aligned TTPs) into detection logic, use cases, and hunt strategies
  • Develop, tune, and maintain high-efficacy detections across: SIEM : correlation rules, anomaly detection, enrichment logic
  • EDR/XDR : behavioral detections, process analytics, custom rules
  • NDR : network anomaly detection, lateral movement patterns
  • SOAR : automation workflows, enrichment routines
What we offer
What we offer
  • Relocation benefits may be eligible
  • Fulltime
Read More
Arrow Right
New

Lead Security Analyst

Made Tech helps UK public sector organisations build and run better digital serv...
Location
Location
United Kingdom , Bristol; London; Manchester; Swansea
Salary
Salary:
65000.00 - 80000.00 GBP / Year
madetech.com Logo
Made Tech
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • CompTIA Advanced Security Practitioner (CASP+)
  • Experience leading detection engineering in a SOC or similar environment — including writing and tuning detections in KQL, SPL, EQL, or Sigma, and managing coverage against MITRE ATT&CK
  • Experience designing or improving a log and telemetry pipeline, including application-level telemetry from cloud-hosted services (AWS is a strong preference at this grade), with an understanding of how to design monitoring for failure modes and degraded states
  • Evidence of running the intelligence cycle as a managed discipline — collection planning, production, and feedback — rather than consuming finished intelligence
  • Working knowledge of UK government security standards and frameworks, including NCSC CAF Objective C, GovAssure, and OFFICIAL handling requirements
  • Experience establishing incident response practice — playbooks, severity models, and exercises — not just responding to individual incidents
  • Evidence of growing the technical capability of less experienced analysts through pairing, structured mentoring, or coaching, including setting clear goals and tracking progress over time
  • Experience anchoring delivery on client outcomes rather than task completion — challenging the brief where it serves the client and making value visible rather than reporting effort
Job Responsibility
Job Responsibility
  • Set the detection engineering standard — author, tune, and peer-review detections in KQL, SPL, EQL, or Sigma
  • manage the false-positive backlog
  • map coverage to MITRE ATT&CK
  • and train L1/L2 analysts to write and tune detections themselves
  • Own the threat-landscape narrative for your engagement — turn intelligence from NCSC advisories, sector feeds, and threat actor reporting into hunt themes, coverage gap analysis, and detection priorities that the SOC and client stakeholders can act on
  • Run the intelligence cycle as a managed discipline — maintain a collection plan, produce timely and rigorous intelligence products, and build feedback loops that keep the cycle honest and improving
  • Establish and lead security incident response practice — build playbooks, define the severity model, run exercises, and lead the team's response to significant incidents
  • run blameless post-mortems that the team actually learns from
  • Design the log and telemetry pipeline that detections run on — including bespoke application telemetry in cloud environments, not just commodity endpoint feeds
  • ensure the right signals are collected, parsed, and retained for both detection and investigation
What we offer
What we offer
  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling
  • Smart Tech scheme
  • Cycle to work scheme
  • individual benefits allowance which you can invest in a Health care cash plan or Pension plan
  • optional social and wellbeing calendar of events
  • Fulltime
Read More
Arrow Right
New

Information Security Analyst

Dotdigital is seeking an experienced and motivated Security Analyst to join our ...
Location
Location
United Kingdom; South Africa
Salary
Salary:
Not provided
dotdigital.com Logo
Dotdigital
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in a Security Analyst, Information Security, Cyber Security, Systems Administration, Infrastructure, Cloud Operations, or DevOps role with demonstrable security responsibilities
  • Experience working within a security or compliance framework such as ISO 27001
  • Understanding of security operations and incident response processes
  • Experience with vulnerability management, remediation tracking, and security risk reduction
  • Knowledge of identity and access management principles
  • Understanding of cloud security concepts and security controls within major cloud providers
  • Hands-on experience of an array of core security technologies
  • Understanding of common application security risks and OWASP principles
  • Strong communication skills with the ability to engage technical and non-technical stakeholders
  • Ability to manage multiple priorities and work independently in a fast-paced environment
Job Responsibility
Job Responsibility
  • Monitor and investigate security alerts and events across security tooling, cloud environments, business systems, and applications
  • Support incident response activities including detection, analysis, containment, eradication, recovery, and lessons learned
  • Develop and improve security monitoring, alerting, playbooks, and operational procedures
  • Assist with threat hunting and proactive identification of security risks and suspicious activity
  • Maintain awareness of emerging cyber threats, vulnerabilities, and attack techniques relevant to SaaS businesses
  • Own day-to-day vulnerability management activities across infrastructure, cloud platforms, applications, and endpoints
  • Work with technology teams to prioritise and coordinate remediation activities
  • Track vulnerabilities through to resolution and provide reporting on remediation performance
  • Support penetration testing activities and coordinate remediation of findings
  • Support the security of cloud environments and SaaS platforms through implementation and monitoring of security controls
What we offer
What we offer
  • Commission & bonus opportunities
  • Annual leave that increases with service + option to buy more
  • Additional paid wellbeing days + annual wellbeing reward
  • Christmas office shutdown (extra time off)
  • Enhanced parental leave & family support policies
  • Employee recognition & reward schemes
  • Referral bonuses & long-service rewards
  • Fulltime
Read More
Arrow Right

SOC Cyber Threat Expert

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
Türkiye , Ankara
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree in engineering departments (preferably Electronics or Computer Engineering)
  • 5+ years of experience in performing hands-on security engineering, consulting, team management, penetration testing, and/or adversary simulation, red teaming exercises, vulnerability assessments in complex operational ICT environments
  • Familiarity with industry standards like OWASP TOP10, CVSS, CIS, NIST etc.
  • CISSP, CISM, OSCP, CEH level is expected
  • Experienced in SIEM products (QRadar, FortiSIEM Splunk, Logsign etc.) and SOAR products
  • Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards), operational threat intelligence, and attack framework standards (e.g., MITRE ATT&CK) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
  • Experience working in an industry standard Security Operations Center or similar environment providing incident handling and response, intrusion detection, analysis, cyber threat intelligence, threat determination, and mitigations processing and tracking, working with several network and system security technologies to include Elasticsearch, data analytics platforms, endpoint tools, network technologies, and SIEMs
  • Experience developing detection logic for enterprise SIEM systems and with exploitation techniques and use case development
  • Experience in the detection and response to malicious activity using log data and alerts from cybersecurity solutions, systems, and network devices
  • Experience extracting and analyzing forensic artifacts across Windows, Mac, and Linux operating systems
Job Responsibility
Job Responsibility
  • Coding Experience in Scripting & programming languages (such as Java, Bash, Python, PowerShell, etc.) to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts, as well as automate common analytical processes to reduce analyst time and avoid repetitive incident response tasks
  • Making assessments on Information Security processes and taking responsibility of implementing improvements on related systems
  • Deploy, configure, and maintain security technologies, including, EDR, XDR, SOAR, SIEM, solutions to assess each of the cybersecurity technology’s responses
  • Develop open-source and vendor based threat detection scenarios
  • Develop tooling for Detection Development Life-Cycle
  • Research on new threat hunting methodologies, tools, and technologies
  • Onboard and maintain detection and hunting products (SIEM, EDR, etc.)
  • Manage and maintain internal SOC technologies and processes
  • Effectively use threat intelligence services and malware sandboxes for hunting new malware threats
  • Excellent written skills with demonstrated ability to write reports
What we offer
What we offer
  • Vflexy: Flexible Benefits Program
  • Hybrid working kit
  • Ergonomic kit allowance
  • Digital meal voucher
  • Flexible transportation allowance
  • Employee assistance hotline & counselling
  • Comprehensive and flexible private health insurance
  • Discounted price deals for wide range of products & services
  • Fulltime
Read More
Arrow Right

Cyber Operations Analyst

Embark on a transformative journey as a Cyber Operations Analyst at Barclays. At...
Location
Location
United States , Whippany
Salary
Salary:
80000.00 - 120000.00 USD / Year
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Basic familiarity with SIEM platforms and the ability to monitor, triage, and document security alerts in a structured SOC environment
  • Ability to perform initial analysis of security alerts and events, following established runbooks and escalating incidents according to defined procedures
  • Foundational understanding of common security incidents such as phishing emails, endpoint alerts, and basic network anomalies
  • Ability to recognize common malware indicators and suspicious activity using alerts from endpoints, proxies, IDS, and network security tools
  • Understanding of core cybersecurity concepts, including attack lifecycles, basic threat types, and the importance of defense-in-depth
  • Basic knowledge of operating system fundamentals (Windows & Linux) and introductory networking concepts such as TCP/IP, DNS, and HTTP
  • Familiarity with common attacker techniques and indicators of compromise from a defensive (blue-team) perspective
  • Awareness of cloud computing concepts and basic security considerations in platforms such as AWS, Azure, or Google Cloud
Job Responsibility
Job Responsibility
  • Deliver 24/7 continuous monitoring, analysis, incident response, threat hunting, and intelligence services
  • Management of security monitoring systems, including intrusive prevention and detection systems, to alert, detect and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimised system damage
  • Identification of emerging cyber security threats, attack techniques and technologies to detect/prevent incidents
  • Management and analysis of security information and event management systems to collect, correlate and analyse security logs, events and alerts/potential threats
  • Triage of data loss prevention alerts to identify and prevent sensitive data for being exfiltrated from the banks network
  • Management of cyber security incidents including remediation & driving to closure
What we offer
What we offer
  • Medical, dental and vision coverage
  • 401(k)
  • Life insurance
  • Other paid leave for qualifying circumstances
  • Incentive award
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Manager MDR (Unit 42)

We are seeking a driven problem solver to join our Unit 42 MDR team. Our team is...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Great interpersonal skills with 10+ years of a proven experience collaborating with customers
  • Understanding of the threat landscape in terms of the tools, tactics, and techniques of attacks, as well as networking and security fundamentals
  • Basic hands-on coding skills (e.g. Python)
  • Excellent written and oral communication skills in English
  • Ability to lead and mentor a growing team
  • Experience investigating targeted, sophisticated or hidden threats
  • Background in forensic analysis and incident and response tools to identify a threat and determine the extent and scope of a compromise
  • Experience with investigative technologies such as SIEM, packet capture analysis, host forensics, and Endpoint Detection and Response tools
  • Understanding of how APTs operate and the attack cycle – different attack vectors, propagation and data exfiltration, lateral movement, persistence mechanism, etc.
  • Understanding of how organizations protect themselves from cyber-attacks, what tools are used and what remediation techniques are leveraged
Job Responsibility
Job Responsibility
  • Hire for and lead a team of MDR Analysts, guide the team, create and improve processes, methodologies and capabilities that the team requires to work effectively
  • Lead a team that analyzes incidents from real customer environments to identify ongoing threats to customer environments
  • Provide critical feedback to the different product, research and engineering and threat hunting teams to help improve the products for the entire Palo Alto Networks’ customer base
  • Work closely with Security Research, Threat Intelligence and Threat Hunting teams to remediate and detect new emerging threats
  • Fulltime
Read More
Arrow Right

Manager MDR (Unit 42)

We are seeking a driven problem solver to join our Unit 42 MDR team. Our team is...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
paloaltonetworks.com Logo
Palo Alto Networks
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Great interpersonal skills with 10+ years of a proven experience collaborating with customers
  • Understanding of the threat landscape in terms of the tools, tactics, and techniques of attacks, as well as networking and security fundamentals
  • Basic hands-on coding skills (e.g. Python)
  • Excellent written and oral communication skills in English
  • Ability to lead and mentor a growing team
  • Experience investigating targeted, sophisticated or hidden threats
  • Background in forensic analysis and incident and response tools to identify a threat and determine the extent and scope of a compromise
  • Experience with investigative technologies such as SIEM, packet capture analysis, host forensics, and Endpoint Detection and Response tools
  • Understanding of how APTs operate and the attack cycle – different attack vectors, propagation and data exfiltration, lateral movement, persistence mechanism, etc.
  • Understanding of how organizations protect themselves from cyber-attacks, what tools are used and what remediation techniques are leveraged
Job Responsibility
Job Responsibility
  • Hire for and lead a team of MDR Analysts, guide the team, create and improve processes, methodologies and capabilities that the team requires to work effectively
  • Lead a team that analyzes incidents from real customer environments to identify ongoing threats to customer environments
  • Provide critical feedback to the different product, research and engineering and threat hunting teams to help improve the products for the entire Palo Alto Networks’ customer base
  • Work closely with Security Research, Threat Intelligence and Threat Hunting teams to remediate and detect new emerging threats
  • Fulltime
Read More
Arrow Right