Cyber Threat Hunting Manager

The Cyber Threat Hunting Manager is responsible for proactively detecting and analyzing hidden or advanced threats that evade traditional security defenses. This role involves behavior-based hunting activities across endpoints, network, and cloud environments, while collaborating with Security Operations Center (SOC) units to escalate and remediate potential risks.

Key Responsibilities:

• Execute cyber threat hunting initiatives using hypothesis-driven and intelligence-led approaches to detect advanced persistent threats (APTs) and other stealthy adversaries.
• Continuously analyze environment telemetry (SIEM logs, endpoint data, network flows, etc.) to uncover indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
• Develop, test, and refine hunting playbooks and detection logic in collaboration with SOC monitoring, threat detection teams, and Cyber Threat Intelligence teams.
• Coordinate closely with the Cyber Threat Intelligence (CTI) unit to leverage threat feeds and enhance hunting activities with relevant context.
• Collaborate with the Incident Response Team to validate findings, support investigations, and deliver forensic-level analysis as needed.
• Maintain awareness of current and emerging threats, tools, and techniques used by adversaries, and recommend appropriate countermeasures.
• Contribute to building a mature threat hunting capability through training, frameworks, and tool development.
• Recommend and drive the implementation of detection and prevention enhancements based on hunt findings.
• Develop cyber threat hunting-related procedures in accordance with regulatory requirements and international standards.
• Prepare threat hunting insights, trends, and activity summaries for management and relevant committee reporting.

Qualifications and Experience:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Preferred certifications: GIAC Advanced Threat Hunting (GATH), MITRE ATT&CK Defender certifications.
• 3-5 years of relevant experience with at least 3 years in a similar role.
• Strong hands-on experience with SIEM platforms, EDR/XDR tools, and threat detection technologies.
• Familiarity with MITRE ATT&CK, threat modeling, IOC/TTP tracking, and hypothesis-based hunting.
• Experience in scripting and automation (Python, PowerShell, etc.) is highly desirable.
• Understanding of adversarial behavior, malware analysis basics, and network packet inspection.
• Excellent analytical, communication, and investigative skills.
• Language Requirements: Written and spoken English is essential; Arabic is a must.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time
Working Hours: 8:00 AM to 5:00 PM (Sunday to Thursday)