Senior Adversary Hunter

About the Role: 

Our Threat Intelligence Team is seeking a Senior Adversary Hunter who will contribute to discovering and tracking adversaries targeting ICS/OT environments. In this role, you will leverage your expertise in threat hunting and analysis to deliver actionable intelligence that strengthens global visibility into adversarial activity. You will independently drive investigations, refine methodologies, and contribute to industry collaboration, while supporting your teammates in key external engagements. Your focus will be to hunt for, identify, and track threat actors and temporary activity threads targeting ICS/OT systems and devices across critical infrastructure sectors. You'll develop a deep understanding of adversary operations once they've established initial access, including their reconnaissance, lateral movement, persistence mechanisms, and preparation for impact on industrial systems. You will serve as a specialist in adversary behavior, tracking threat actor campaigns, infrastructure, tooling patterns, and operational tradecraft specific to industrial environments. 

Responsibilities: 

• Contribute to tracking OT-focused Threat Groups, applying existing knowledge and developing deeper expertise. 
• Participate in industry-specific threat hunts, collaborating with senior analysts to refine hypotheses and approaches
• Draft technical intelligence reports on threats for operational teams (SOC, IR), supporting senior staff in preparing customer-facing or strategic-level reports.
• Assist in identifying detection opportunities (IOCs, YARA rules) for integration into the Dragos platform.
• Document analysis methodologies and contribute suggestions for improvement.
• Utilize Synapse and Storm Query Language for data modeling and investigative workflows, with guidance from senior team members.
• Support external working groups and webinars by preparing background materials and contributing analysis.
• Provide hunting support during surge events and incident response engagements, including triage under supervision. 

Qualifications: 

• 2–3 years of experience in threat hunting, intrusion analysis, or detections development. 
• Familiarity with software development in C#, Python, or similar languages.
• Experience pivoting across the Diamond Model, Kill Chain stages, and MITRE ATT&CK.
• Ability to produce technical intelligence reports for operational teams.
• Knowledge of adversarial Threat Groups, including tactics, techniques, and procedures.
• Exposure to IOC development and network/malware analysis.
• A self-starter who can work independently on technical tasks while collaborating effectively with senior analysts.
• Strong analytical and communication skills, with the ability to translate technical findings into clear reports.
• Curiosity and drive to expand expertise in OT-focused threats and adversary tracking.
• Team-oriented mindset, eager to contribute to collective success and learn from experienced professionals. 

Compensation: 

• Salary: $140,000
• Competitive Equity Package  
• Comprehensive Benefits Plan 

#LI-JF1 #LI-REMOTE