Welcome to the team:
Threat Hunter – Threat Analytics & Hunting (m/f/diverse)

    Your tasks

    • Developing and executing hunt queries across SIEM and EDR platforms to identify adversary activity.
    • Analyzing large datasets to identify patterns, anomalies, and indicators of compromise.
    • Iterating over queries based on hunt findings and tuning for false positive reduction.
    • Understanding Windows processes, services, registry, architecture and authentication mechanisms.
    • Identifying common attacker abuse patterns and living-off-the-land techniques.
    • Interpreting endpoint telemetry to distinguish malicious from benign activity.
    • Mapping threat actor behaviors to ATT&CK tactics and techniques.
    • Developing hunt hypotheses based on technique coverage and organizational risk.
    • Identifying detection gaps across the kill chain and prioritizing hunts accordingly.
    • Consuming and operationalizing threat intelligence reports relevant to the financial sector.
    • Extracting indicators, TTPs, and behavioral patterns to drive hunt hypotheses.
    • Correlating external intelligence with internal telemetry.
    • Understanding common protocols and how adversaries abuse them.
    • Analyzing network logs and identifying covert communication channels and anomalous traffic patterns.
    • Correlating events across endpoint, network, and identity data sources.
    • Building comprehensive attack timelines from various log sources.
    • Identifying relationships between seemingly unrelated events.
    • Understanding Active Directory architecture and common attack paths.
    • Analyzing authentication flows and identifying credential abuse patterns.
    • Detecting anomalous authentication and access behaviors.
    • Documenting hypotheses, methodologies, queries, and findings in a structured format.
    • Producing hunt reports.
    • Contributing to internal documentation related to hunting activities.

    Your profile

    • Minimum 3 years of relevant experience in security operations, incident response, threat hunting or detection engineering.
    • Track record of investigating complex intrusions or leading technical incident analysis.
    • Professional certifications such as eCTHP, BTL1/2, GCFA, GEIR, OSCP, CRTO, PNPT or equivalent are preferred.
    • Deep understanding of frameworks and methodologies such as the Cyber Kill Chain, Diamond Model, and MITRE ATT&CK, and Threat Hunting tooling.
    • Experience in financial services, critical infrastructure or similarly regulated environments.
    • Deep technical knowledge of adversary TTPs, malware analysis, intrusion detection, and cloud technology.
    • Strong analytical and customer-oriented thinking, conflict resolution and decision-making skills.
    • Outstanding communication skills in English.

    In return, we offer:

    • Good work-life balance, including 25 days annual paid leave (increasing with 1 day per year up to 31 in total), flexible working hours, work-from-home and work from abroad opportunities;
    • Luxury package of additional health and dental insurance;
    • Food vouchers in the amount of 128 BGN monthly;
    • 6 additional annual days off for exceptional circumstances;
    • Employee assistance program for psychological, financial, and legal consultations;
    • Multisport card;
    • Annual contribution of 300 BGN net per child for a summer camp/school/kindergarten for children up to the age of 15;
    • Possibilities for building career-advancing skills by covering training/certification courses and conferences based on individual learning and development needs, access to an online learning platform;
    • Opportunities for long-term professional development in a stable, 150-year-old company while contributing to the vision of a new, just-launched Digital Technology Center;
    • Friendly and supportive multicultural environment, open to new opinions and ideas.

    Commerzbank is proud to be an equal opportunity employer, committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to gender, race, color, national origin, religion, gender identity or expression, sexual orientation, genetics, disability, age, or any other characteristics.

    Our Benefits

    • Learning Platforms
    • Children Summer Camp Contribution
    • Employee assistance program
    • Food vouchers
    • 6 Exceptional Days Off
    • Multisport Card
    • 25 up to 31 annual paid leave
    • Health & Dental Insurance
    • Work-life balance
    • Work internationally

    The company

    Commerzbank is a leading international commercial bank with branches and offices in almost 50 countries. The world is changing, becoming digital, and so are we. We are leaving the traditional bank behind us and we are choosing to move forward as a digital enterprise.

    As part of this strategy, Commerzbank continues the expansion of its Digital Technology Center in Sofia, Bulgaria. We need motivated people who will join us on this journey and we are looking for a Threat Hunter – Threat Analytics & Hunting in our Cluster Cyber Defense & Base Services team.

    Contact

    Apply now with your up-to-date CV in English!

    Due to the high volume of applications, we contact only the candidates who best match the role requirements. If you do not hear from us within 14 days, please consider that we won't proceed with your application at this stage.