Threat Hunting / Cyber Threat Hunting Analyst L2

Job Description

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible.

Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

Job Description - Grade Specific

A dedicated and detail-oriented Threat Hunting Analyst with over 18 months of experience in cybersecurity operations, specializing in proactively looking for signs of attackers inside an organization’s environment—before alerts, incidents, or damage occur. Unlike traditional security roles that react to alarms, threat hunters assume compromise and actively search for hidden or stealthy threats.

A Threat Hunting Analyst must focus on searching for malicious behaviour that automated tools may miss, using human intuition, context, and hypotheses rather than waiting for alerts, in order to find advanced, persistent, and stealthy attackers.

Key responsibilities:

  • Proactively conduct threat hunts to identify malicious activity that bypassed automated detections, reducing attacker dwell time.
  • Develop hypothesis-driven hunts based on adversary tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK framework.
  • Analyse endpoint, network, authentication, and log telemetry to detect indicators of compromise (IOCs) and anomalous behaviour.
  • Investigate suspicious activity involving credential misuse, lateral movement, persistence mechanisms, and living-off-the-land techniques.
  • Correlate data across SIEM, EDR/XDR, and network security tools to validate potential threats and scope impact.
  • Leverage threat intelligence reports and internal telemetry to identify emerging attacker behaviours relevant to the environment.
  • Escalate confirmed malicious activity to incident response teams with detailed findings, timelines, and supporting evidence.
  • Support incident investigations by providing root cause analysis and attacker activity reconstruction.
  • Identify detection and logging gaps and collaborate with detection engineering teams to improve alert coverage and visibility.
  • Tune existing security detections to reduce false positives and improve signal quality.
  • Document hunt methodologies, findings, and lessons learned to enable repeatable and scalable threat hunting processes.
  • Collaborate with SOC analysts, incident responders, and infrastructure teams to improve overall security posture.

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fuelled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported global revenues of €22 billion in 2022.

Apply now!

Reference code: 435112
Date: 11 Mar 2026
Experience level: Experienced professionals
Contract type: Permanent
Location:

Langreo, ES

Brand: Capgemini
Professional community: Cybersecurity