Cyber Threat Hunter

Organization description

IT Continuity & Security Services designs and delivers 7x24 Monitoring Services, Continuity Management, IT Service Management and Automation, Service Desk and Security Operations in order to contribute to continuity and security of the whole IT organization worldwide. Within IT Continuity & Security Services their department, the Cyber Defence Centre, is responsible for Security Monitoring and Response, Vulnerability Management and Crypto Services. The team responsible for threat hunting consists of 4 members, whom are highly experienced in performing the analysis. You will be closely working together with the other teams within the CDC.

Function description

The end goal of Threat Hunting is to reduce the length of time a threat actor is present on the banks IT-infrastructure before being detected. This is achieved by having a proactive approach on cyber defence instead of a reactive approach. Proactive means building new detection capabilities to detect Tactics Techniques and Procedures (TTPs), for threat actors targeting the financial industry, before incidents occur. Threat Hunting is an iterative approach to discover, identify and understand attackers targeting the IT infrastructure. The method of Threat Hunting consists of analyzing data to find attacks that have or can evade existing security defenses. You will be working in an international expert team of nearly 60 people, with whom you share knowledge, skills and experiences. You will be having relations with a variety of stakeholders in- and outside of the organization.

What the client requests

You are a driven professional with a wide variety of knowledge and experience in IT in general and cyber security in particular. You are always up-to-date with the newest developments in cyber security. You have an investigation mindset with very strong analytics skills. You are critical even to your own work. Requirements for the candidate are:

  • The ability to think both like an attacker and a defender to translate attacker behaviors and techniques into hunting hypotheses. 
  • Is able to select and use the right tools and techniques necessary for investigating hypotheses.
  • Have a creative mind-set. 
  • Have excellent analytic skills and loves solving complex challenges.
  • Good common knowledge on IT networks and operating systems. 
  • Excellent technical understanding of attacker tactics and techniques such as: lateral movement, privilege escalation, malware persistence, command obfuscation, etc. 
  • Constantly keeps his knowledge up-to-date regarding attacker techniques and behaviors with the latest developments. Should also be able to transfer his knowledge to others. 
  • Experience with writing code using well known languages such as Python. For example to write custom tools and analyze data. 
  • Has experience in multiple Digital Forensics & Incident Response (DFIR) fields: incident response, endpoint forensics, network forensics, malware analytics, memory forensics. Uses this experience to identify suspicious behavior. 
  • Is critical, and supporting, of other’s work and its own. Has a drive to always improve to do better.
  • Is able to perform complex assignments, alone or as part of a team.
  • Excellent verbal and written communication skills. 
  • Familiar with the financial services industry.


Preferred qualifications: 

  • Bachelor or Master preferred in IT/Security. 
  • OSCP, GXPN, GCFA, GREM, GCFE, GCIA or equal certifications. 
  • 5+ year working experience in an IT function. 
  • 3+ working experience in an IT security function.

What the client offers

Although the organisation expects this position to be on function level 8 or 9, the actual function level depends on education, knowledge & experience.


Uren per week36 upw
NiveauMedior, Senior
OpleidingsniveauHBO, WO
Meer informatie?Dennis Nuijens +31 (0)6 58812977