via Internshala·3d ago

Threat Intelligence Engineer

Internshala

Full-timeOn-site

Location:MaharashtraType:Full-timePosted:3d ago

Required Skills & Experience

Authority & Decision Scope

Perform proactive threat hunting across endpoint, network, cloud, and identity logs to identify stealthy or undetected threats.
Develop and execute hunt hypotheses based on attacker TTPs, threat intel, and MITRE ATT&CK techniques.
Investigate suspicious activity and correlate events across SIEM, EDR, NDR, firewall, and AD logs.
Convert hunt findings into actionable detection rules, alerts, and analytics use-cases.
Create suggestions to optimize SIEM detection queries / correlation rules to reduce false positives.
Work on medium-to-complex L2 incident investigations, including lateral movement & persistence analysis.
Perform IOC and TTP mapping, enrichment, and validation using internal & external intel sources.
Collaborate with SOC, DFIR, and Threat Intel teams during investigations and incident response.
Support creation of behaviour-based and anomaly detections instead of IOC-only detections
Contribute to purple-team exercises and validate detections against simulated attacks
Analyze EDR telemetry and endpoint artifacts to identify malicious behaviour patterns
Assist in onboarding new log sources and improving telemetry coverage for hunting & detection
Maintain and update documentation for hunt plans, detection logic, playbooks, and investigation reports, and create quarterly reports that consolidate and summarize these hunting activities, detection logic, playbooks, and investigation outcomes.
Share knowledge with L1/L2 analysts and contribute to building repeatable hunting workflows

Don't want to miss the next one?

Subscribe to daily email alerts for roles matching your interests.