
Defensive Security & Threat Hunter


🛡️ Job Description: Defensive Security & Threat Hunter


Position: Defensive Security Specialist (Threat Hunting & SOC Operations)

Location: Remote primary, Brussels / Zaventem, Belgium

Team: Threat Research | Purple Team (SOC-focused)


🔍 About Us


Crimson7 is a cyber‑security leader specializing in Attack Intelligence, blending offensive research with defensive innovation. Our Purple Team services—Deep Purple (project-based) and Purple Rain (continuous)—use collaborative, TTP-driven simulations and detection engineering to elevate SecOps. Crimson7 also offers managed defense services, such as threat hunting and support for SOC operations.


🎯 Role Summary


You’ll strengthen SOC resilience through proactive threat hunting, detection rule development, and active participation in Purple Team exercises. Your mission: turn threat intelligence into high-fidelity detections and ensure visibility into adversarial TTPs. You’ll occasionally get involved in SecOps and SOC operations with clients in the banking sector.


🧰 Key Responsibilities

  • Execute threat hunting based on evolving threat intelligence and MITRE ATT&CK TTPs.
  • Design, deploy, and test detection rules and analytics (e.g., Sigma, YARA, network/endpoint).
  • Monitor SOC alerts, escalate incidents, and maintain SOC tooling configurations.
  • Participate in Purple Team engagements, feeding hunt outcomes back into simulations.
  • Collaborate with offensive/research teams to translate adversary behavior into actionable detection.
  • Author clear documentation and reports for technical teams and stakeholders.
  • Contribute to detection code repository, community tools, and training material.


🎓 Required Skills & Experience

  • 3+ years in SOC, incident response, threat hunting, or detection engineering.
  • Proficiency with SIEM tools (e.g., Elastic, Splunk, Microsoft Sentinel; Sentinel experience especially appreciated) and scripting languages (Python, PowerShell). Knowledge of KQL.
  • Familiarity with tool development in Python and/or other languages such as Go and Node.js (JavaScript).
  • Strong understanding of MITRE ATT&CK and TTP-driven detection.
  • Familiar with identity/AD security, defensive monitoring, endpoint/mobile telemetry.
  • Familiarity with CI/CD, Git, and test-driven detection pipelines.
  • Proven ability to learn fast, adapt to a changing startup environment, and take the leap into a growth phase that may be demanding at the beginning.
  • Excellent written and verbal English communication.


✅ Nice-to-Have

  • Exposure to Purple Team or Red Team processes.
  • Experience with cloud-native telemetry (Azure, AWS, GCP).
  • Detection Engineering or automation (e.g., SOAR, Sigma library), Terraform.
  • Open-source contributions to security products or published threat hunting work.


🌟 Why Join Us?

  • Work at the forefront of Threat Informed Defence, combining offensive research with defensive innovation, going from threat intelligence to detection engineering.
  • Play a pivotal role in transforming SOC capabilities through real-world detection engineering and managed Purple Team exercises.
  • Be part of a dynamic, skilled team committed to continuous improvement and knowledge sharing.
