via Internshala·3d ago
Threat Intelligence Engineer
Internshala
Full-time, on-site
Location: Maharashtra | Type: Full-time | Posted: 3d ago
About the job
Required Skills & Experience
- Strong understanding of security logs, telemetry, and data analysis.
- Hands-on experience with SIEM and EDR platforms.
- Solid knowledge of Windows and Linux operating systems.
- Working knowledge of networking concepts and protocols.
- Practical understanding of MITRE ATT&CK framework.
- Ability to analyse and interpret complex security data.
- Basic scripting or query writing skills (KQL, SPL, SQL, Python, etc.).
Authority & Decision Scope
- Executes threat hunts and investigations within defined scope.
- Escalates confirmed threats and recommendations to senior stakeholders.
- Operates under established threat hunting strategies and governance.
Responsibilities
- Perform proactive threat hunting across endpoint, network, cloud, and identity logs to identify stealthy or undetected threats.
- Develop and execute hunt hypotheses based on attacker TTPs, threat intel, and MITRE ATT&CK techniques.
- Investigate suspicious activity and correlate events across SIEM, EDR, NDR, firewall, and AD logs.
- Convert hunt findings into actionable detection rules, alerts, and analytics use-cases.
- Propose optimisations to SIEM detection queries and correlation rules to reduce false positives.
- Work on medium-to-complex L2 incident investigations, including lateral movement & persistence analysis.
- Perform IOC and TTP mapping, enrichment, and validation using internal & external intel sources.
- Collaborate with SOC, DFIR, and Threat Intel teams during investigations and incident response.
- Support the creation of behaviour-based and anomaly detections rather than IOC-only detections.
- Contribute to purple-team exercises and validate detections against simulated attacks.
- Analyse EDR telemetry and endpoint artifacts to identify malicious behaviour patterns.
- Assist in onboarding new log sources and improving telemetry coverage for hunting and detection.
- Maintain and update documentation for hunt plans, detection logic, playbooks, and investigation reports, and produce quarterly reports that consolidate and summarise hunting activities, detection logic, playbooks, and investigation outcomes.
- Share knowledge with L1/L2 analysts and contribute to building repeatable hunting workflows.