Senior Threat Hunter

About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
Position Summary
The Senior Threat Hunter leads intelligence-driven hunting operations across client environments, leveraging deep expertise in EDR telemetry, network forensics, and cloud log analytics to uncover advanced adversaries and security control gaps. You will craft hypotheses, execute hunts, validate findings through adversary emulation or penetration-testing techniques, and partner with detection engineers to operationalize new coverage in SIEM/EDR. Your work directly strengthens our customers’ security posture and shapes Coalfire’s next-generation security services.

What You'll Do

• Formulate, document, and execute threat-hunting hypotheses using data from EDR (CrowdStrike, SentinelOne, Microsoft Defender), SIEM, and cloud/native logs.
• Analyze host artifacts, network traffic, and attack surface data to identify anomalous behaviors and previously undetected malicious activity.
• Perform gap assessments: leverage penetration-testing or adversary-emulation techniques to validate visibility, exploitability, and resilience of client defenses.
• Translate hunt results into high-fidelity detections, dashboards, and automated response playbooks in collaboration with Detection Engineering & IR teams.
• Produce concise, executive-ready reports and technical deep dives that clearly articulate impact, risk, and remediation guidance.
• Mentor junior hunters and SOC analysts; develop reusable methodologies, runbooks, and training labs.
• Track and curate adversary tactics, techniques, and procedures (TTPs); feed intelligence into hunt planning and service roadmap.
• Contribute to service maturation (tool evaluations, process improvements, metrics) and evangelize Coalfire’s hunting value to prospects and industry forums.

What You'll Bring

• 5+ years in Threat Hunting, Incident Response, Red Team, or Penetration Testing roles.
• Demonstrated expertise with at least one major EDR platform (CrowdStrike, SentinelOne, Microsoft Defender) including query language, telemetry, and detection engineering.
• Hands-on experience designing or executing threat-hunting campaigns across Windows, Linux, macOS, and cloud workloads (AWS, Azure, GCP).
• Strong proficiency in scripting/automation (Python, PowerShell, or similar) to manipulate data and accelerate hunts.
• Solid grasp of ATT&CK, MITRE CTI frameworks, OWASP, NIST, and security architecture best practices.
• Exceptional analytical and written/verbal communication skills—able to convert complex findings into clear business impact.
• Ability to work on occasional off-hours investigations, client calls across time zones.
• Ability to travel up to 20% for onsite engagements, purple-team exercises, and conferences.

Required Certifications (or equivalent demonstrable skills)
• One or more of: OSCP, GPEN, GCIH, CISSP, Blue Team Level II, GIAC GMON/GCFA.

Bonus Points

• Experience integrating hunt outputs into SOAR platforms and modern SIEMs (e.g., Splunk, Chronicle, Sentinel).
• Cloud threat-hunting or offensive research publications/tools.
• Prior consulting or client-facing delivery experience.

Why You’ll Want to Join Us
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at HumanResourcesMB@coalfire.com.