Threat Hunting Analyst (Replacement)

C003950, Threat Hunting Analyst

Role Overview: Threat Hunting Analyst

Location: Mons, Belgium (full-time on-site)
Clearance: NATO Secret

 Key Duties

• Plan and execute proactive threat hunting activities
• Improve detection & prevention capabilities (IDS, SIEM, security configs)
• Support cyber incident analysis and response (with NCSC)
• Develop and maintain SOPs and detection use cases
• Produce monthly reports (KPIs, stakeholders, customer)
• Contribute to cyber threat data analysis, storage, and processing improvements
• Evaluate and implement AI/ML and data analytics solutions
• Engage with internal NATO cyber community
• Run knowledge-sharing sessions (lessons learned, improvements)

 Core Requirements (Experience & Competencies)

• Strong experience in cybersecurity environments
• Excellent analytical thinking & hypothesis building
• Ability to work independently and in teams
• Strong communication skills (technical managerial)
• Experience with reporting and stakeholder engagement
• Leadership and organizational skills
• Able to operate in a high-tempo environment

Technical Skills & Knowledge

• Threat analysis & reasoning (pattern recognition, deductive thinking)
• Knowledge of data analytics, AI/ML, LLMs, RAG
• Experience in at least 3 of the following areas:
  • IDS (NIDS/HIDS), firewalls, security appliances
  • Security event sources (logs, SIEM inputs)
  • Computer forensics tools
  • Security tools (AV, vulnerability scanners, etc.)
  • Network protocols
  • Scripting (Python, PowerShell, etc.)

Nice-to-Have

• Advanced SANS certifications (GCIA, GCFA, GREM, etc.)
• Strong self-learning capability on complex topics

 Other Requirements

• Ability to manage workload to time/quality standards
• Comfortable communicating with technical & non-technical audiences
• Self-driven and proactive mindset
• Willing to work in an international NATO environment
• Occasional travel (≈2x/month Mons ↔ Brussels)