Resonaite
Cyber Security Analyst (Threats)
Resonaite · Canada · posted 23 hours ago
Contract · Information Technology

Our client in the public sector is seeking a contract-based Cyber Threat Hunter. The successful candidate will design and execute hunts across enterprise telemetry, operationalize threat intelligence into durable detections, and lead complex investigations.


Location: onsite, Toronto

Duration: 1 year + extension


Responsibilities

  • Plan and execute hypothesis-driven and IOC/TTP-based threat hunts across endpoint, network, cloud, identity, and application telemetry
  • Correlate signals from SIEM, UEBA, EDR, and other security platforms with threat intelligence and environmental context to identify advanced or stealthy threats
  • Operationalize threat intelligence, including IOCs, adversary tradecraft, and TTPs, into hunt queries, detections, and enrichment workflows
  • Lead investigations of complex hunt findings, including scoping, containment, eradication, and recovery in collaboration with SOC and Incident Response teams
  • Develop, tune, and maintain high-fidelity detections using KQL, LEQL, Sigma, YARA, and related frameworks to enable sustained monitoring with low false positives
  • Establish and maintain hunting methodologies, runbooks, metrics, and documentation, capturing lessons learned and root-cause analysis
  • Measure and report hunt outcomes such as detections created, gaps remediated, dwell-time reduction, and control effectiveness to leadership
  • Conduct research on emerging threats, adversary campaigns, tooling, and cloud/identity attack paths relevant to OLG and socialize actionable insights
  • Participate in purple-team exercises to validate detections, emulate adversary techniques, and prioritize detection improvements
  • Support compliance and audit activities by providing evidence aligned to security monitoring, incident response, and regulatory requirements
  • Collaborate with internal teams and third-party vendors to coordinate threat hunts, share intelligence, and validate tooling effectiveness
  • Mentor SOC analysts through technical deep dives, coaching, and guidance on threat hunting and intelligence analysis
  • Advise platform owners and product teams on telemetry quality, logging standards, and coverage required for effective detection and hunting



Requirements

  • Minimum 5 years of experience in cybersecurity disciplines, with at least 2 years focused on threat hunting or advanced detection engineering
  • Minimum 6 years of overall experience in information technology disciplines
  • Demonstrated experience leading complex investigations and translating hunt outcomes into durable detections and process improvements
  • Strong understanding of attacker tactics, techniques, and procedures, including credential access, defense evasion, living-off-the-land techniques, and cloud/identity attack paths
  • Proficiency in detection engineering languages and frameworks such as KQL, LEQL, Sigma, and YARA, and familiarity with security data models
  • Hands-on experience with security operations technologies including SIEM, EDR, UEBA, NDR, and SOAR platforms
  • Strong knowledge of threat intelligence methodologies, kill-chain analysis, and MITRE ATT&CK mapping
  • Experience working with Azure cloud environments and telemetry for detecting threats in cloud-native and SaaS platforms
  • Working knowledge of system administration and hardening principles across Windows, macOS, and Linux, including logging and audit policies
  • Experience with scripting languages such as Python, PowerShell, or Bash for automation, data analysis, or custom tooling
  • Familiarity with privacy and regulatory frameworks such as NIST and ISO 27001 as they relate to monitoring and incident response
  • One or more relevant certifications such as GCTI, GCFA, GCIH, OSCP, or similar are considered an asset
  • Ability to communicate complex technical findings clearly through executive-ready reporting and cross-team collaboration
