Sr. Threat Hunter - SentinelOne

What are we looking for?

We’re seeking an experienced threat hunter to deliver SentinelOne’s proactive threat hunting services to our Threat Hunting clients (including FedRAMP-authorized environments). You’ll build and maintain a high-quality library of hunts and rules across Windows, macOS, and Linux, with a strong emphasis on EDR telemetry (bonus if you know SentinelOne deeply). You’ll partner closely with MDR, Incident Response, Labs, and Detection Engineering to respond to emerging threats, convert research into actionable hunts, and communicate clearly with clients.

What will you do? 

Threat Hunting & Hunt Library Ownership

• Design, implement, and continuously improve a structured library of hypothesis-driven hunts and reusable rules aligned with the ATT&CK framework.
• Execute proactive hunts across diverse telemetry (primarily EDR) to uncover malicious activity such as living-off-the-land techniques and stealthy persistence.
• Carry out all threat hunting activities in controlled FedRAMP environments.
• Translate findings into repeatable playbooks, automations, and platform-ready detections where applicable.

Emerging Threat Response

• Triage emerging threats (e.g. zero-days) and assess potential exposure.
• Build focused hunts and detections mapped to relevant TTPs, with clear rationale and validation steps.
• Produce concise, actionable client advisories explaining scope and potential impact of the emerging threat, recommended mitigations, and the steps being taken by SentinelOne to protect our customers.

Operational Partner Collaboration

• • Partner with Detection Engineering, MDR, Labs, and CTI to evaluate and tune rules for fidelity and coverage.
  • Curate and operationalize relevant IOCs/TTPs from CTI, Labs research, and OSINT into hunts and when appropriate convert those into platform detections.

What skills and knowledge should you bring?

• 5+ years in security operations and/or adjacent disciplines (threat hunting, incident response, DFIR, malware analysis, SOC, or penetration testing).
• 2+ years hands-on, hypothesis-driven threat hunting with measurable outcomes in EDR-centric environments.
• Strong familiarity with EDR telemetry (process, file, network, persistence)—SentinelOne experience is a plus.
• Proficiency with Python and Git/GitHub workflows (branches, PRs, code review); ability to turn hunt logic into robust, reusable code.
• Broad OS internals knowledge across Windows, Linux, and macOS.
• Applied CTI skills: consume and operationalize IOCs/TTPs; track actors/campaigns; pivot with OSINT to enrich hunts.
• Experience collaborating with cross-functional teams (MDR, IR, Labs, Detection Engineering) to cycle from research → hunt → detection → outcome.
• Clear, concise writing and reporting for client-facing communications (advisories, AARs, executive summaries), and comfort presenting technical analysis directly to clients when necessary.
• Familiarity with MITRE ATT&CK and mapping hunts to relevant techniques 
• U.S. citizenship required due to FedRAMP program requirements.

Why us? 

You will be joining a cutting-edge company where you will tackle extraordinary challenges and work with the very best in the industry.

• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry-leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement